NASA has experienced an exponential increase in malware attacks and a doubling of agency devices trying to access malicious sites in the past few days as personnel work from home. “A new wave of cyber-attacks is targeting Federal Agency Personnel, required to telework from home, during the Novel Coronavirus (COVID-19) outbreak,” officials wrote in a memo. The wave over the past few days includes:
1 Doubling of email phishing attempts
2 Exponential increase in malware attacks on NASA systems
3 Double the number of mitigation-blocking of NASA systems trying to access malicious sites (often unknowingly) due to users accessing the Internet.
Tricking people into clicking on malicious links or opening malicious email attachments remains one of the easiest ways to gain entry into enterprise networks and individual computers users alike.
NASA’s mitigation blocking mechanisms which likely include blocking access to servers deemed to be malicious or suspicious as well as stopping malicious downloads can go a long way in reducing the damage that happens when agency computers try to access these destinations.
These mitigations aren’t foolproof, so it’s important that personnel be trained to recognize phishing attempts and act accordingly. For those working from home we advise keep operating systems, browsers, router firmware, phones, and all other systems and devices up to date.
Workers should also receive personal email and messages on computers or phones that are separate than those used for work. Keeping an eye out for phishing attacks is also important, although as noted earlier, the challenge is extremely difficult to implement across the board, particularly now that employees are working remotely.