Air gap attacks are a growing cyberthreat aimed at air-gapped networks, which are physically isolated from the internet and from other untrusted networks. Air-gapped systems are typically used to protect critical systems and data, but attackers have found ways to bridge those protective gaps, both to gain access to the isolated systems and to covertly exfiltrate data from them.
This guide collects expert advice, recent news and analysis on air gap attacks, along with the history of such attacks, to alert infosec professionals to this danger.
New air gap attacks, targets emerging
The most recent air gap attacks include sophisticated threats, such as the Brutal Kangaroo USB malware, and sensor-based data exfiltration techniques. There are new targets for such attacks as well, including electronic voting machines and industrial control systems. After voting machines were compromised at DEFCON, calls for stronger security practices are being heard throughout the industry.
Researchers developed aIR-Jumper, a technique that uses the infrared LEDs in security cameras as a covert channel to exfiltrate data. Learn how this attack works and how to prevent it with expert Nick Lewis. Continue Reading
The Brutal Kangaroo USB malware leaked from the CIA's Vault 7 could pose a threat to air-gapped computers if hackers reverse-engineer it. Continue Reading
An air-gapped computer is supposed to be safe from over-the-air attacks, yet new research exposed a covert channel that uses heat emissions and the machine's thermal sensors to transfer data. Expert Nick Lewis explains how to address the threat. Continue Reading
The first official report on voting machine hacking from DEFCON suggests the need for pen testing, basic security guidelines and cooperation from local and federal governments. Continue Reading
The Department of Homeland Security released an alert confirming the Dragonfly ICS cyberattack campaign, but experts said more action is needed to protect critical infrastructure. Continue Reading
The Trisis ICS malware used in a cyberattack on an oil and gas company in Saudi Arabia in December has been publicly available for weeks after being copied by unknown actors. Continue Reading
How USB malware gets around the air gap defense
One way attackers beat the air gap is with USB malware such as USB Thief, which runs from the removable drive itself and leaves little, if any, trace on the target system. These threats use different techniques to cross air gaps: spreading malware across an isolated network via removable media, creating covert channels for transmitting sensitive data out, and even permanently disabling or destroying targeted hardware.
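Because removable media is the common carrier for every threat in this section, the first control a practitioner wants on an air-gapped host is an audit of what storage devices actually get plugged in. The script below is an added example, not code from the original page or from any of the articles it links: it parses Linux kernel USB messages (the format dmesg and journalctl print), pairs each mass-storage attachment with the vendor, product and serial reported during enumeration, and checks the triple against an allowlist. The log lines, the allowlist entry and the vendor/product identifiers are constructed for illustration.

```python
"""Audit removable-storage attachments on an isolated host against an allowlist.

Added example for this guide; not code from the page or its linked articles.
Input is Linux kernel USB log text (dmesg/journalctl). Devices that never
expose a serial number cannot be allowlisted and are reported as "no-serial".
"""
import re

# Constructed sample log: an approved drive, an unknown drive, a mouse
# (not storage, so ignored) and a drive that reports no serial number.
SAMPLE_LOG = """\
usb 1-1: new high-speed USB device number 3 using xhci_hcd
usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: Cruzer Blade
usb 1-1: Manufacturer: SanDisk
usb 1-1: SerialNumber: 4C530001230718111441
usb-storage 1-1:1.0: USB Mass Storage device detected
usb 1-2: new high-speed USB device number 4 using xhci_hcd
usb 1-2: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-2: SerialNumber: 0000000000000001
usb-storage 1-2:1.0: USB Mass Storage device detected
usb 1-3: new high-speed USB device number 5 using xhci_hcd
usb 1-3: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.10
usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 1-4: New USB device found, idVendor=13fe, idProduct=4300, bcdDevice= 1.00
usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb-storage 1-4:1.0: USB Mass Storage device detected
"""

# Constructed allowlist: (idVendor, idProduct, SerialNumber) of approved media.
ALLOWLIST = {("0781", "5567", "4C530001230718111441")}

# The kernel prefixes each line with the bus port ("1-1", "1-1.2" behind a hub).
# search() rather than match() so a leading dmesg/journalctl timestamp is tolerated.
FOUND = re.compile(r"\busb (?P<port>[\d.-]+): New USB device found, "
                   r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
SERIAL = re.compile(r"\busb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE = re.compile(r"\busb-storage (?P<port>[\d.-]+):\d+\.\d+: "
                     r"USB Mass Storage device detected")


def audit_usb_log(log_text, allowlist):
    """Return (port, vid, pid, serial, verdict) for every mass-storage attachment.

    verdict is "approved", "unapproved", "no-serial" or, if a storage interface
    shows up on a port with no preceding enumeration, "storage-without-enumeration".
    """
    devices = {}   # port -> {"vid", "pid", "serial"} for the device currently there
    results = []
    for line in log_text.splitlines():
        m = FOUND.search(line)
        if m:
            # A fresh enumeration on a port replaces whatever was plugged in before.
            devices[m["port"]] = {"vid": m["vid"], "pid": m["pid"], "serial": None}
            continue
        m = SERIAL.search(line)
        if m and m["port"] in devices:
            devices[m["port"]]["serial"] = m["serial"]
            continue
        m = STORAGE.search(line)
        if m:
            dev = devices.get(m["port"])
            if dev is None:
                results.append((m["port"], None, None, None, "storage-without-enumeration"))
                continue
            if dev["serial"] is None:
                verdict = "no-serial"      # cannot be matched; treat as unapproved
            elif (dev["vid"], dev["pid"], dev["serial"]) in allowlist:
                verdict = "approved"
            else:
                verdict = "unapproved"
            results.append((m["port"], dev["vid"], dev["pid"], dev["serial"], verdict))
    return results


def unapproved_attachments(log_text, allowlist):
    """Convenience filter: only the attachments that need an analyst's attention."""
    return [r for r in audit_usb_log(log_text, allowlist) if r[4] != "approved"]


if __name__ == "__main__":
    for port, vid, pid, serial, verdict in audit_usb_log(SAMPLE_LOG, ALLOWLIST):
        print(f"{port}: {vid}:{pid} serial={serial} -> {verdict}")
```

Matching on the serial, not just vendor and product, matters: a vendor/product pair is shared by every drive of that model, so a checker that stops there would approve any attacker-supplied drive of the same make. Drives that report no serial at all are deliberately reported rather than skipped, since they are exactly the media an allowlist cannot vouch for.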
The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is possible with expert Nick Lewis. Continue Reading
USB Thief, a new type of stealth malware, leaves no trace on air-gapped targets. Expert Nick Lewis explains how the malware works and how enterprises can mitigate attacks. Continue Reading
Researchers demonstrate proof-of-concept malware that exfiltrates data from air-gapped machines using high-frequency audio transmissions inaudible to humans. Continue Reading
USB storage devices can be turned into covert channels with a software tool called USBee. Expert Nick Lewis explains how to protect your enterprise data from this attack. Continue Reading
USB Killer devices, with the ability to destroy systems via a USB input, are available and inexpensive. Expert Nick Lewis explains how they work and how to defend against this threat. Continue Reading
A strain of malware can steal data from a USB device itself rather than infect a network or system. Nick Lewis explains how to mitigate the threat. Continue Reading
History of air gap attacks
Stuxnet and the origins of air gap attacks
One of the first instances of an air gap attack was the Stuxnet worm in 2010. While the original attack targeted Iran's nuclear facility at Natanz, variants of the Stuxnet worm have been discovered in enterprises over the years. This section looks back at Stuxnet and the shadow it still casts over the threat landscape.
Iran's president, Mahmoud Ahmadinejad, has confirmed that the Stuxnet computer worm affected centrifuges in the country's uranium enrichment programme. Continue Reading
The exact target of the Stuxnet worm that appeared more than a year ago is still a matter of speculation, but security experts agree it is one of the most sophisticated pieces of malware seen to date. Continue Reading
US energy giant Chevron has revealed that it was hit by the Stuxnet worm in 2010. Continue Reading
Security researchers say the vulnerability behind the infamous Stuxnet worm is still the most exploited in the world, seven years after being patched. Continue Reading
A Windows Shell flaw used by the Stuxnet worm continues to pose problems years after it was patched. Nick Lewis explains how the flaw exposes enterprise security shortcomings. Continue Reading