How air gap attacks challenge the notion of secure networks

Last updated: April 2018

Editor's note

Air gap attacks are a growing cyberthreat: they make air-gapped networks, which are physically isolated from the internet, vulnerable to attack. Although air-gapped systems are typically used to protect critical systems and data, attackers have found ways to bridge those protective gaps, both to gain access to the isolated systems and to covertly exfiltrate data from them.

This guide is a collection of expert advice and recent news and analysis on air gap attacks, together with the history of such attacks, to alert infosec professionals to this danger.

1. How USB malware gets around the air gap defense

One way hackers beat the air gap is with USB malware such as USB Thief, which can infect targeted systems while leaving little, if any, trace. These threats use a range of techniques to jump air gaps in order to spread malware across a network, create covert channels for transmitting sensitive data, and even permanently disable or destroy targeted systems.
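Because removable media is the carrier in this class of attack, the first control a defender wants on an air-gapped host is visibility into every mass-storage device that gets plugged in, checked against the short list of media the site has approved. The Python below is an added example, not code from this guide or from any product it mentions: it parses Linux kernel log lines of the form the usb-storage driver emits, pairs each mass-storage binding with the vendor/product IDs reported for the same port, and flags any device that is not on an allowlist. The log lines, hostname, port numbers, vendor/product IDs and the allowlist itself are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample kernel log lines in the style of Linux syslog output
# from an engineering workstation; hostname, ports and IDs are invented.
SAMPLE_LOG = """\
Apr 12 09:14:02 eng-ws1 kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
Apr 12 09:14:02 eng-ws1 kernel: usb 1-1: New USB device found, idVendor=0951, idProduct=1666
Apr 12 09:14:02 eng-ws1 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Apr 12 09:20:45 eng-ws1 kernel: usb 1-2: new full-speed USB device number 5 using xhci_hcd
Apr 12 09:20:45 eng-ws1 kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c31c
Apr 12 09:20:45 eng-ws1 kernel: input: USB Keyboard as /devices/pci0000:00/usb1/1-2/input5
Apr 12 11:02:13 eng-ws1 kernel: usb 1-3: new high-speed USB device number 6 using xhci_hcd
Apr 12 11:02:13 eng-ws1 kernel: usb 1-3: New USB device found, idVendor=abcd, idProduct=1234
Apr 12 11:02:13 eng-ws1 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Constructed allowlist of (idVendor, idProduct) pairs: the only removable
# media approved for use on the isolated segment in this example.
ALLOWLIST = {("0951", "1666")}

# The kernel reports vendor/product IDs on the "New USB device found" line...
DEVICE_RE = re.compile(
    r"usb (?P<port>\d+-[\d.]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-fA-F]{4}), idProduct=(?P<pid>[0-9a-fA-F]{4})"
)
# ...and the storage-class binding on a later usb-storage line for the same port.
STORAGE_RE = re.compile(
    r"usb-storage (?P<port>\d+-[\d.]+):\d+\.\d+: USB Mass Storage device detected"
)


@dataclass(frozen=True)
class StorageEvent:
    timestamp: str
    port: str
    vid: str
    pid: str
    allowed: bool


def audit_usb_log(log_text: str, allowlist: set) -> list:
    """Return one StorageEvent per USB mass-storage attach, in log order.

    IDs are remembered per port until the matching usb-storage line arrives;
    keyboards and other non-storage devices never produce an event.
    """
    ids_by_port = {}
    events = []
    for line in log_text.splitlines():
        m = DEVICE_RE.search(line)
        if m:
            ids_by_port[m["port"]] = (m["vid"].lower(), m["pid"].lower())
            continue
        m = STORAGE_RE.search(line)
        if m:
            vid, pid = ids_by_port.get(m["port"], ("????", "????"))
            events.append(StorageEvent(
                timestamp=line[:15],  # syslog prefix, e.g. "Apr 12 09:14:02"
                port=m["port"], vid=vid, pid=pid,
                allowed=(vid, pid) in allowlist,
            ))
    return events


def unapproved_devices(log_text: str, allowlist: set) -> list:
    """The events worth alerting on: mass storage that is not on the approved list."""
    return [e for e in audit_usb_log(log_text, allowlist) if not e.allowed]


if __name__ == "__main__":
    for e in audit_usb_log(SAMPLE_LOG, ALLOWLIST):
        status = "approved" if e.allowed else "NOT APPROVED"
        print(f"{e.timestamp} port {e.port} {e.vid}:{e.pid} {status}")
```

On the constructed sample, the approved stick on port 1-1 passes and the unknown device on port 1-3 is reported. Vendor/product IDs are trivially spoofable by a malicious device, so this check is an alerting and inventory control, not a substitute for disabling the usb-storage driver on hosts that have no business reading removable media.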

2. Stuxnet and the origins of air gap attacks

One of the first instances of an air gap attack was the Stuxnet worm in 2010. While the original attack targeted Iran's nuclear facility at Natanz, variants of the Stuxnet worm have been discovered in enterprises over the years. This section looks back at Stuxnet and the shadow it still casts over the threat landscape.