NASA Reports a Rise in Malware Attacks as Personnel Work from Home

NASA experienced a massive rise in malware attacks on agency devices, attempting to access malicious websites in the last few days. The information was shared by the agency's Office of the Chief.

According to an official memo, a new wave of cyberattacks is targeted at Federal agency personnel, required to work from home during the pandemic. The actions taken against employees included an increase of phishing attempts, an increase in malware attacks on NASA systems, and mitigation blocking of NASA systems attempting to access malicious sites.

The last case was especially worrying for NASA since it suggests the employees and contractors are being fooled into clicking on malicious links. Those are usually sent in spam campaigns in emails or text messages, tricking users into visiting domains laced with malware.

This Week in Malware Ep 9: Telecommuters Returning to Office Post-Covid-19 See Spike in Ransomware

The mitigation blocking mechanisms used by NASA include blocking access to malicious servers, stopping malicious downloads, and more. That may help a great deal in protecting agency systems when it happens, but the mitigation techniques are not perfect. Humans being the weak link, in this case, need training and recognition of phishing attempts and actions to adapt.

The risk of these attacks is made worse with the COVID-19 pandemic, due to forcing millions of people to work from home. That forced IT departments to scramble to keep up with security on the organization and business networks within days. In NASA's case, their memo states the following:

"NASA employees and contractors should be aware that nation-states and cyber criminals are actively using the COVID-19 pandemic to exploit and target NASA electronic devices, networks, and personal devices. Some of their goals include accessing sensitive information, usernames and passwords, conducting denial of service attacks, spreading disinformation, and carrying out scams. Cyber criminals have increased sending emails with malicious attachments and links to fraudulent websites, attempting to trick victims into revealing sensitive information and grant access to NASA systems, networks, and data. Lures include requests for donations, updates on virus transmissions, safety measures, tax refunds, fake vaccines, and disinformation campaigns."

NASA isn't the only organization seeing a massive surge in attacks that work to capitalize on the fear of the ongoing pandemic. Weeks ago, researchers started noticing a marked increase in phishing emails bearing the Coronavirus theme spreading on the web. Some of them claimed to be official emails from university officials; others pretended to be coming from the World Health Organization (WHO).

Researchers working for Sophos found dozens of new domains containing the word 'COVID' and more than five thousand HTTPS certificates that reference the virus. These certificates were issued over a mere three day period, meaning the number of domains is on the rise even now. Scammers may likely use a decent amount of those.

What employees can do while working from home

Security companies gave out some tips on working from home, but those are mostly ineffective when it comes to agency personnel, according to NASA. One of the first suggestions was to use a VPN connection, which is already mandatory in the case of NASA.

People working from home who need to access G Suites, Salesforce, or other cloud services have fewer benefits when using a VPN. That kind of connection also provides no added protection against any phishing scams or malware attacks on its own, so additional steps are needed.

The most useful way of keeping browsers, router firmware, operating systems, phones, and devices secure are to keep them up to date. Workers must also have personal email and messages on devices separate from those used for work. Keeping your eyes out for phishing attempts is one of the essential parts of the formula, so employees need to receive training to understand.

The NASA memo warned the employees and contractors should expect these cyberattacks to continue 'at an elevated level.'