NASA sees an “exponential” jump in malware attacks as personnel work from home

Stu Sjouwerman | Apr 8, 2020

spreading-malwareArs Technica reports that NASA has experienced an exponential increase in malware attacks and a doubling of agency devices trying to access malicious sites in the past few days as personnel work from home, the space agency’s Office of the Chief Information Officer said on Monday.

A new wave

“A new wave of cyber-attacks is targeting Federal Agency Personnel, required to telework from home, during the Novel Coronavirus (COVID-19) outbreak,” officials wrote in a memo. The wave over the past few days includes a(n):

  • Doubling of email phishing attempts
  • Exponential increase in malware attacks on NASA systems
  • Double the number of mitigation-blocking of NASA systems trying to access malicious sites (often unknowingly) due to users accessing the Internet

The last item is particularly concerning because it suggests that NASA employees and contractors are clicking on malicious links sent in email and text messages at twice the rate as normal. Tricking people into clicking on malicious links or opening malicious email attachments remains one of the easiest ways to gain entry into enterprise networks and individual computers users alike.

NASA’s mitigation blocking mechanisms—which likely include blocking access to servers deemed to be malicious or suspicious as well as stopping malicious downloads—can go a long way in reducing the damage that happens when agency computers try to access these destinations. These mitigations aren’t foolproof, so it’s important that personnel be trained to recognize phishing attempts and act accordingly.

The risk to all types of attacks is only heightened by the outbreak of the COVID-19 pandemic, which has sent millions of people working from home almost overnight, with little time for IT departments to formalize procedures for maintaining the security of organization networks.

Cybercriminals are exploiting fears around the COVID-19 pandemic to tailor their threats, and businesses are feeling the effects: 71% of security professionals surveyed have seen an increase in security threats or cyberattacks since the coronavirus outbreak began, researchers report.

Check Point and Dimensional Research polled 411 IT and security professionals to learn how the pandemic has created new challenges. The most prominent threat is phishing, as cited by 55% of respondents, followed by malicious websites promising information on the pandemic (32%). Practitioners have also seen increases in malware (28%) and ransomware attacks (19%). Continued at Ars Technica:

https://arstechnica.com/information-technology/2020/04/nasa-sees-an-exponential-jump-in-malware-attacks-as-personnel-work-from-home/

 

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

Get the latest insights, trends and security news. Subscribe to CyberheistNews.