Law Requires Public Agencies Report Cyber Incidents; Emotet Activity Returns; Intelligence Report: Racially Motivated Violent Extremists Pose Greatest Risk to the US

Continuing the Administration’s efforts to keep New Jersey cyber safe, Gov. Phil Murphy signed legislation (S297/A493) March 13 requiring State agencies and government contractors to report cybersecurity incidents to the New Jersey Office of Homeland Security and Preparedness within 72 hours of an incident. “As we continue to face an evolving threat landscape, we must also adapt the mechanisms in place that safeguard our state,” Gov. Murphy said. “This legislation will bolster New Jersey’s security by expediting cybersecurity incident reporting and increase our resilience through effective communication. We remain committed to equipping our state with the best practices and the strongest defense possible in order to keep our communities safe.” The bill requires NJOHSP Director Laurie Doran to establish and publish reporting guidelines to facilitate the timely and confidential submission of incident notifications by all public agencies in New Jersey, including municipalities, counties, kindergarten through 12th grade public schools, public colleges and universities and State law enforcement agencies, as well as government contractors. The purpose is to ensure the timely reporting of cybersecurity incidents that jeopardize the confidentiality, integrity or availability of systems and information. “Cyber threats are constantly evolving and, on the rise, not only in New Jersey but throughout the nation and the world,” Director Doran said. “This new cyber incident reporting law will help connect the dots, allowing for effective collective incident response among all stakeholders. I would like to thank Governor Murphy and the bill’s sponsors for making this legislation a priority.” NJOHSP’s cybersecurity division, the New Jersey Cybersecurity and Communications Integration Cell, received 375 confirmed cyber incident reports in 2022. Quick and consistent reporting will assist NJCCIC in expediting response and mitigating further incidents while improving its visibility and awareness of current trends. The new reporting requirement will take effect immediately. Bill sponsors include Sen. Linda Greenstein, Sen. Fred Madden, Assemblywoman Carol Murphy, Assemblyman Daniel Benson and Assemblyman Clinton Calabrese. To report a cyber incident, contact 833-4-NJCCIC or visit cyber.nj.gov, where interested parties may also learn more about New Jersey’s cybersecurity efforts or sign up for an NJCCIC membership for cybersecurity-related updates, alerts and bulletins.

Additional Resources

Full Press Release | cyber.nj.gov | njccic@cyber.nj.gov

Emotet has resurfaced globally in new campaigns that use finance and invoice lures to gain remote access, deploy ransomware and collect information for future campaigns. The NJCCIC observed phishing attempts to deliver Emotet in emails that appear to be new messages or replies to existing conversation threads. Using non-U.S. top-level domains, malicious actors sent the emails, which contained a compressed Microsoft Word document. If users have macro settings enabled when they unzip the file, the document downloads a compressed Emotet DLL file. To evade security software, the initial attack file and final payload are artificially inflated to over 500 megabytes. This technique may cause performance issues or lead to detection failure when scanning the files for malicious indicators. The NJCCIC recommends users refrain from responding to unsolicited communications and clicking links or opening attachments from unknown senders, while exercising caution with messages from known senders.

More information can be found on the NJCCIC website.

Additional Resources

Incident Reporting | NJCCIC Membership

International terrorism remains a persistent and evolving threat to U.S. individuals and interests at home and abroad with threat actors and cells adhering to ISIS and al-Qa’ida ideologies, while racially or ethnically motivated violent extremists pose the most lethal threat to U.S. individuals, facilities and interests, according to the Office of the Director of National Intelligence’s 2023 Annual Threat Assessment of the U.S. Intelligence Community. The report, released March 8, examines the sum total of intelligence gathered and offers a forecast of the most serious threats the U.S. faces for the coming year. At a Senate Intelligence Committee hearing, Director of National Intelligence Avril Haines focused largely on China, along with Russia in regard to its war with Ukraine. However, she said that despite major leadership losses for ISIS and al-Qa’ida in 2022, the two terrorist groups remain committed to attacking U.S. interests. However, she added that the threat is greatest in the regions where these groups' affiliates operate, rather than in the U.S. homeland. ISIS’ ideology and propaganda, she explained, almost certainly will continue to inspire attacks in the West, including in the United States. Haines noted that Iran also continues to be a threat to the U.S. directly and via proxy attacks.

Additional Resources

NJOHSP 2023 Threat Assessment