Representatives of the space agency dicho that recently NASA staff and home-based agency contractors suffered from increase in the number of hacker attacks, and their devices are constantly trying to gain access to malicious sites.
Por lo tanto, según cifras oficiales, En los días recientes, NASA personnel have been suffering from:
- doubling the number of phishing attacks by email;
- exponential growth of malicious attacks on NASA systems;
- doubling attempts to block or mitigate the activity of NASA systems trying to access malicious sites (unknowingly, due to users accessing the Internet).
The last point means that NASA employees and contractors are actively clicking on malicious links that they send to them via email or text messages. And now this happens twice as often as usual. Social engineering is still one of the easiest ways to access corporate networks and users’ ordenadores.
The mechanisms for blocking and mitigating such incidents that NASA SOC uses seem to include blocking access to servers that are considered malicious or suspicious, as well as terminating dangerous downloads from agency computers. Desgraciadamente, these measures can hardly be called reliable, and much better when the staff is trained to recognize phishing attempts and act accordingly.
“NASA employees and contractors should be aware that the APT and cybercriminals are actively using the COVID-19 pandemic to attempt exploitation and attacks on NASA’s electronic devices, networks and personal devices. En algunos casos, the goals of [criminales] include access to confidential information, nombres de usuario y contraseñas, conducting denial of service attacks, the spread of misinformation, and fraud”, – told NASA representatives
Cybercriminals began to send emails with malicious attachments and links to fraudulent sites more often, trying to force victims to disclose confidential information and provide access to NASA systems, networks and data. Such baits are often masked as requests for donations, supposedly updated data on the methods of transmission of the virus, medidas de seguridad, tax refunds, information on fake vaccines and disinformation campaigns.
Como resultado, contractors and staff are advised to exercise caution when using computers and mobile devices connected to the Internet and to exercise increased vigilance.
As we wrote earlier, not only NASA will experience such difficulties. Por ejemplo, el otro día, Expertos en puntos de control reported eso 71% of cybersecurity experts report an increase in the number of threats and attacks since the beginning of the pandemic. The majority of respondents (55%) report phishing attempts as the main threat.
In second place are malicious sites that allegedly contain information and tips about coronavirus (32%). Next is the increase in the number of malware (28%) y ransomware (19%).
“My new certificate log catcher is sucking in all the covid-19 and coronavirus domain certificates. 3,143 certificates in 24 hours today (UTC), not yet checked for duplicate domains re-registered for additional hosts”, — informes IS expert Sean Gallagher.
En general, attackers are very actively exploiting the new opportunities that the pandemic offers them.
