Malware attacks on NASA exponentially increase due to new coronavirus
To stop the spread of the new coronavirus, companies and organizations around the world are rapidly adopting telecommuting, and NASA has
NASA CIO Agencywide Memo: Alert: Cyber Threats Significantly Increasing During Coronavirus Pandemic
http://spaceref.com/news/viewsr.html?pid=53512
NASA sees an “exponential” jump in malware attacks as personnel work from home | Ars Technica
https://arstechnica.com/information-technology/2020/04/nasa-sees-an-exponential-jump-in-malware-attacks-as-personnel-work-from-home/
On April 6, 2020, the NASA Chief Information Officer (CIO) sent an email to all NASA employees titled 'Cyber threats are increasing significantly during the Coronavirus pandemic.' Among them, the CIO noted that attacks blocked by NASA systems have doubled, `` a new wave of cyber attacks targeting federal government employees who are required to work from home has occurred If you are using the system, please stay vigilant and take the same precautions when using your home PC. '
According to the announcement of NASA's CIO, the number of phishing attempts via email has doubled in the past few days, and malware attacks targeting NASA systems have increased exponentially. The malicious emails and messages that are the starting point of such attacks are NASA employees who have requested 'donations,' 'updates on viruses,' 'security measures,' 'notice of tax refunds,' 'fake vaccines,' He is trying to steal PC credentials and files by posing as 'fake campaign information'.
Regarding this announcement, IT news site Ars Technica said, `` NASA employees and contractor employees are clicking twice as often as usual on malicious links sent by email or text message. It's a particularly bad situation because it suggests. '
NASA is not alone in increasing the attacks targeting workers at home. The Hill, a U.S. political specialty newspaper, said, `` Major agencies such as the U.S. Department of Health and Human Services and the World Health Organization (WHO) have been targeted by hackers, and although no damage has occurred, attacks continue to be made 'I said the press was. According to information received by WHO insiders from Reuters, not only attacks targeting WHO, but also 'attacks impersonating WHO' have doubled .
In response, WHO states, 'We will never ask for a username or password,' 'we will not send attachments unless you ask for it,' 'other than links starting with www.who.int Does not require access to the Internet, 'does not request payment for work requests, participation in meetings, hotel reservations, etc.', 'sends lottery and sweepstakes campaigns by e-mail, issues certificates, grants of benefits, stating that you do not do, such as the procurement of funds ' issued a statement , and we call attention to suspicious e-mail that said the wHO.
'During an outbreak, the threat targeting telecommuters has increased exponentially. Many businesses have found that work is becoming increasingly difficult,' said Solomon Adote, chief security officer at the Delaware Information Technology Department (DTI) in the United States. We can't afford a dedicated PC for our employees, nor can we afford a top-level secure remote access environment, and in light of these circumstances, the risks for companies are significantly greater than before. ' He pointed out that the target extends to telecommuting of not only government agencies but also general companies.
According to Adote, sessions in the online video conferencing app Zoom are particularly vulnerable to attack. It has been pointed out that Zoom has many security and privacy issues.
It turns out that part of the encryption key of the online video conference application `` Zoom '' is issued from `` China server '', vulnerable to the `` standby room '' function-GIGAZINE
To address the growing threat of telecommuting, NASA's CIO told employees, 'When you start working, use a dedicated VPN for NASA. You can take advantage of security protection. '
On the other hand, Ars Technica says, `` Working from home with a cloud-based service such as G Suite or Salesforce has little benefit from using a VPN, and public VPNs offer protection from phishing scams and malware attacks. There are many things that don't exist. ' As a measure that can be taken by people working for companies or organizations that can not maintain high security such as NASA, `` keep OS, browser, router firmware, smartphone, and all other devices and systems up to date '' Was the most helpful. '
Related Posts:
in Security, Posted by log1l_ks