NASA’s Security Operations Center (SOC) experts have
issued a warning regarding a growing
trend toward phishing attempts, malware attacks, or just people accessing
Many NASA employees have started to work from home, just
like numerous other employees throughout the world. And, just like everyone
else, they are now more exposed to phishing attempts and other types of
cyberattacks, which are usually blocked by the SOC.
The volume of cyberattacks has increased considerably
with the advancement of the COVID-19 pandemic, and NASA is a prime target for
specific attacks. If anything, federal employees are all the more exposed as
many of them can be used as a jumping-off point into protected infrastructure,
if they fall for a phishing attempt.
“Cyber criminals have increased sending emails with malicious attachments and links to fraudulent websites, attempting to trick victims into revealing sensitive information and gain access to NASA systems, networks, and data,” reads the NASA advisory.
“Lures include requests for donations, updates on virus
transmissions, safety measures, tax refunds, fake vaccines, and disinformation
campaigns. When someone clicks on these links, the unsuspecting user has
malware delivered to their system (in split seconds) capable of data
exfiltration (stealing our credentials, files, and information).”
Believing that these types of campaigns only happen on
computers is wrong — mobile devices are just as exposed. Just like in the
private sector, NASA employees were asked to follow a few rules to mitigate attack
· Use the NASA VPN before starting work. This allows your
system to leverage ALL of NASA’s security protections.
· Don’t open your personal email or non-work-related
social media on your NASA computer systems/devices. Also, be cautious before
clicking on links in text messages and social media.
· Keep your personal email and social media separate from
· Ensure your NASA electronic devices receive required
patches and updates.
· Use authorized software, video, and teleconferencing
systems and protect access instructions to them.
· Continue to protect NASA sensitive information in
accordance with NASA policies, including encrypting NASA emails containing
· Do not reveal personal or financial information in
emails, and do not respond to email solicitations for this information.