NASA’s Security Operations Center (SOC) experts have issued a warning about a growing trend of phishing attempts, malware attacks, and users simply accessing malicious sites.
Many NASA employees have started to work from home, just like numerous other employees throughout the world. And, just like everyone else, they are now more exposed to phishing attempts and other types of cyberattacks, which are usually blocked by the SOC.
The volume of cyberattacks has increased considerably as the COVID-19 pandemic has progressed, and NASA is a prime target for specific attacks. If anything, federal employees are all the more exposed, because many of them can serve as a jumping-off point into protected infrastructure if they fall for a phishing attempt.
“Cyber criminals have increased sending emails with malicious attachments and links to fraudulent websites, attempting to trick victims into revealing sensitive information and gain access to NASA systems, networks, and data,” reads the NASA advisory.
“Lures include requests for donations, updates on virus transmissions, safety measures, tax refunds, fake vaccines, and disinformation campaigns. When someone clicks on these links, the unsuspecting user has malware delivered to their system (in split seconds) capable of data exfiltration (stealing our credentials, files, and information).”
It is wrong to believe that these types of campaigns only happen on computers; mobile devices are just as exposed. Just as in the private sector, NASA employees were asked to follow a few rules to mitigate attack vectors:
· Use the NASA VPN before starting work. This allows your system to leverage ALL of NASA’s security protections.
· Don’t open your personal email or non-work-related social media on your NASA computer systems/devices. Also, be cautious before clicking on links in text messages and social media.
· Keep your personal email and social media separate from NASA.
· Ensure your NASA electronic devices receive required patches and updates.
· Use authorized software, video, and teleconferencing systems and protect access instructions to them.
· Continue to protect NASA sensitive information in accordance with NASA policies, including encrypting NASA emails containing sensitive information.
· Do not reveal personal or financial information in emails, and do not respond to email solicitations for this information.