The New Jersey Office of Homeland Security and Preparedness has issued its 2025 Threat Assessment.
The report serves as stark reminder for public officials that technology offers fresh ways for criminals, including those backed by countries such as Russia and China, to steal data and disrupt infrastructure and operations.
The reports paints a dark picture for the rest of the year — besides cybersecurity, officials worry about “homegrown violent extremists” and attacks on the 2025 FIFA Club World Cup and other U.S.-based events — and offers some data and updates that help illustrate the ongoing threats.
For instance, the report warns readers about “stealer malware, which extracts login credentials, session tokens and other sensitive authentication data directly from an infected endpoint.”
Attacks using that tool can “evade traditional endpoint detection systems,” the report cautions, adding that state cybersecurity officials try to defend against this criminal tactic by “proactively” seeking out compromised email addresses and passwords published to the dark web and other outlets.
Those New Jersey cybersecurity officials last year recorded more than 28,000 compromised credentials notifications in the public sector, according to the report. More than 26,000 of them came from the education sector, with the rest from law enforcement, city and county governments, health care and water.
The new threat assessment notes that more than “15 billion sets of compromised credentials are available on the Internet,” a figure that demonstrates the risks to public agencies, private companies and residents in the state.
A late 2024 ransomware attack in Hoboken stands as an example of what New Jersey — and, of course, other states, counties and cities — face in the coming year and beyond, according to the report. The attack reportedly came from an organized group linked to a cyber-crime organization and resulted in “the temporary closure of City Hall and the suspension of online services,” along with disruptions to court and street cleaning operations.
“These and other notable ransomware attacks demonstrate that no sector is immune,” the report states. “Government, health care, water and wastewater, and other critical infrastructure sectors are prime targets for ransomware actors due to the urgent need to restore services.”
More than 100 public and private organizations in New Jersey experienced ransomware attacks last year, the report says. Average ransomware demands increased to $1.9 million, underscoring the expensive nature of the threat.
“It should be noted that fewer victims are paying ransoms and opt to recover systems and services from backups instead,” the report states.
