Essential Guide


How air gap attacks challenge the notion of secure networks


Air gap attacks are a growing cyberthreat that makes air-gapped networks, which are cut off from the internet, vulnerable to attack. While air-gapped systems are typically used to protect critical systems and data, attackers have found a way to circumvent those protective gaps to gain access to the systems, as well as to covertly exfiltrate data from them.

This guide is a collection of expert advice and recent news and analysis on air gap attacks, as well as the history of such attacks, to alert infosec professionals to this danger.

1. Latest threats

New air gap attacks, targets emerging

The most recent air gap attacks include sophisticated threats, such as the Brutal Kangaroo USB malware, and the use of sensor-based data exfiltration techniques. There are new targets for such attacks, as well, including electronic voting machines and industrial control systems. After voting machines were hacked on a secure system at DEFCON, a call for stronger security tactics is being heard throughout the industry.


AIR-Jumper: How can security camera lights transmit data?

Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to prevent it with expert Nick Lewis.


Brutal Kangaroo USB malware could be reverse-engineered

The Brutal Kangaroo USB malware leaked from the CIA's Vault 7 could pose a threat to air-gapped computers if hackers reverse-engineer it.


Can a thermal sensor pull data from an air-gapped computer?

An air-gapped computer is supposed to be safe from over-the-air attacks, yet new research exposed a vulnerability that allows heat and thermal sensors to extract data. Expert Nick Lewis explains how to address the threat.


DEFCON hopes voting machine hacking can secure systems

The first official report on voting machine hacking from DEFCON suggests the need for pen testing, basic security guidelines and cooperation from local and federal governments.


DHS' Dragonfly ICS campaign alert isn't enough, experts say

The Department of Homeland Security released an alert confirming the Dragonfly ICS cyberattack campaign, but experts said more action is needed to protect critical infrastructure.


Trisis ICS malware was publicly available after attack

The Trisis ICS malware used in a cyberattack on an oil and gas company in Saudi Arabia in December has been publicly available for weeks after being copied by unknown actors.

2. USB malware

How USB malware gets around the air gap defense

One way that hackers are beating the air gap is through the use of USB malware, such as USB Thief, as it can infect targeted systems leaving little, if any, trace. These threats use different techniques to jump air gaps in order to spread malware across a network, create covert channels for transmitting sensitive data, and even permanently disable or destroy targeted systems.


Brutal Kangaroo: How does it hop to air-gapped computers?

The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is possible with expert Nick Lewis.


How can USB Thief be stopped from infecting air-gapped systems?

USB Thief, a new type of stealth malware, leaves no trace on air-gapped targets. Expert Nick Lewis explains how the malware works and how enterprises can mitigate attacks.


Proof-of-concept malware jumps air gap with sound card

Researchers demonstrate proof-of-concept malware exfiltrating data using high-frequency transmissions inaudible to humans.


How does USBee turn USB storage devices into covert channels?

USB storage devices can be turned into covert channels with a software tool called USBee. Expert Nick Lewis explains how to protect your enterprise data from this attack.


How does USB Killer v3 damage devices through their USB connections?

USB Killer devices, with the ability to destroy systems via a USB input, are available and inexpensive. Expert Nick Lewis explains how they work and how to defend against this threat.


The truth about USB malware and safety best practices

A strain of malware can steal data from a USB device itself rather than infect a network or system. Nick Lewis explains how to mitigate the threat.

3. History of air gap attacks

Stuxnet and the origins of air gap attacks

One of the first instances of an air gap attack was the Stuxnet worm in 2010. While the original attack targeted Iran's nuclear facility at Natanz, variants of the Stuxnet worm have been discovered in enterprises over the years. This section looks back at Stuxnet and the shadow it still casts over the threat landscape.


Iran confirms Stuxnet hit uranium enrichment centrifuges

Iran's president, Mahmoud Ahmadinejad, has confirmed that the Stuxnet computer worm affected centrifuges in the country's uranium enrichment programme.


Stuxnet worm is prototype for cyber-weapon, say security experts

The exact target of the Stuxnet worm that appeared more than a year ago is still a matter of speculation, but security experts agree it is one of the most sophisticated pieces of malware seen to date.


Stuxnet hit Chevron’s systems, the energy giant admits

US energy giant Chevron has revealed that it was hit by the Stuxnet virus in 2010.


Stuxnet worm flaw still the most exploited after seven years

Security researchers say the vulnerability behind the infamous Stuxnet worm is still the most exploited in the world, seven years after being patched.


After Stuxnet: Windows Shell flaw still most abused years later

A Windows Shell flaw used by the Stuxnet worm continues to pose problems years after it was patched. Nick Lewis explains how the flaw exposes enterprise security shortcomings.
