The incidence of zero-day exploitation has shown an alarming increase on a global scale, significantly affecting federal government agencies, particularly over the last month, as emphasized by the Cybersecurity and Infrastructure Security Agency (CISA). Despite an overall decline in these vulnerabilities, federal government analysts observed an increase in zero-day exploits. This uptick indicates evolving tactics among cyber threat actors, particularly in nation-state-backed campaigns that continue to leverage these previously unknown vulnerabilities in sophisticated cyberattacks.
Over the past six months, the NJCCIC observed similar patterns in which advanced persistent threat (APT) groups rapidly developed and deployed zero-day exploits impacting public and private NJ organizations. These exploits include the Citrix Bleed vulnerability, which was most recently used in LockBit ransomware attacks impacting Boeing and the Industrial and Commercial Bank of China (ICBC). Similarly, the Atlassian and SysAid zero-days have been widely used in significant cyberattacks.
According to Darren Turner, the National Security Agency’s (NSA’s) cybersecurity directorate chief of critical networks defense, there is a critical need for enhanced collaboration across public and private sectors, including the Defense Industrial Base sector, to combine cybersecurity defense efforts and develop rapid response mechanisms. The NJCCIC has actively pursued efforts to increase collaboration with local and state agencies, most recently supporting these endeavors by hosting a multi-state cyber range incident response exercise. More information regarding this live-fire exercise can be found in the announcement below.