NASA has experienced an exponential increase in malware attacks and a doubling of agency devices trying to access malicious sites in the past few days as personnel work from home, the space agency’s Office of the Chief Information Officer said on Monday.
A new wave
“A new wave of cyber-attacks is targeting Federal Agency Personnel, required to telework from home, during the Novel Coronavirus (COVID-19) outbreak,” officials wrote in a memo. The wave over the past few days includes a(n):
- Doubling of email phishing attempts
- Exponential increase in malware attacks on NASA systems
- Double the number of mitigation-blocking of NASA systems trying to access malicious sites (often unknowingly) due to users accessing the Internet
The last item is particularly concerning because it suggests that NASA employees and contractors are clicking on malicious links sent in email and text messages at twice the rate as normal. Tricking people into clicking on malicious links or opening malicious email attachments remains one of the easiest ways to gain entry into enterprise networks and individual computers users alike.
NASA’s mitigation blocking mechanisms—which likely include blocking access to servers deemed to be malicious or suspicious as well as stopping malicious downloads—can go a long way in reducing the damage that happens when agency computers try to access these destinations. These mitigations aren’t foolproof, so it’s important that personnel be trained to recognize phishing attempts and act accordingly.
The risk to all types of attacks is only heightened by the outbreak of the COVID-19 pandemic, which has sent millions of people working from home almost overnight, with little time for IT departments to formalize procedures for maintaining the security of organization networks. The NASA memo stated:
NASA employees and contractors should be aware that nation-states and cyber criminals are actively using the COVID-19 pandemic to exploit and target NASA electronic devices, networks, and personal devices. Some of their goals include accessing sensitive information, usernames and passwords, conducting denial of service attacks, spreading disinformation, and carrying out scams. Cyber criminals have increased sending emails with malicious attachments and links to fraudulent websites, attempting to trick victims into revealing sensitive information and grant access to NASA systems, networks, and data. Lures include requests for donations, updates on virus transmissions, safety measures, tax refunds, fake vaccines, and disinformation campaigns.
NASA is hardly alone in seeing a significant uptick in attacks that capitalize on fear sparked by the ongoing pandemic. Three weeks ago, researchers reported a torrent of coronavirus-themed phishing emails. Some emails posed as official communications from university officials to students and staff. Others masqueraded as World Health Organization communications detailing safety measures to prevent infection.
Researchers from security company Sophos, meanwhile, have tracked dozens of newly created Internet domains containing “covid” and more than 5,000 HTTPS certificates referencing the coronavirus or the COVID-19 disease it causes. The certificates were issued over a three-day span, and the total is likely higher by now.
My new certificate log catcher is sucking in all the covid-19 and coronavirus domain certificates. 3,143 certificates in 24 hours today (UTC), not yet checked for duplicate domains re-registered for additional hosts. pic.twitter.com/7DicR4qCqk
— Sean Gallagher (@thepacketrat) April 4, 2020
What WFH workers can do
Security companies have offered a bevy of tips for work-from-home personnel, and much of it is ineffective. One of the chief suggestions is to use a VPN. VPNs make sense for people who connect to enterprise networks to use on-premises apps. But in this case, VPNs are almost always mandatory, making the suggestion superfluous.
People working from home who access G Suites, Salesforce, or other cloud-based services get considerably less benefit from VPNs, and given how sketchy the market is for these services, VPNs may pose more of a risk than not using one at all. Another shortcoming: consumer VPNs usually provide no added protection against phishing scams or malware attacks.
The most helpful advice is to keep operating systems, browsers, router firmware, phones, and all other systems and devices up to date. Workers should also receive personal email and messages on computers or phones that are separate than those used for work. Keeping an eye out for phishing attacks is also important, although as noted earlier, the challenge is extremely difficult to implement across the board, particularly now that employees are working remotely.
“NASA employees and contractors should expect these cyber threats and cyber attacks to continue at an elevated level,” Monday’s memo warned. “Be cautious while working and when using your personal computers or mobile devices.”