The world is now hyperconnected with smart machines, technologies, sensors, IoT, etc. Technology is a coin with two sides. While these hyper-converged systems provide incredible efficiencies and insights for smart decisions, they also widen the attack surface and increase risk. Therefore, some systems are kept off the network entirely (air-gapped) to protect confidential and sensitive data. However, even these air-gapped systems can be compromised with a USB device, which passes physical security barriers while raising few or no alarms. In this article, Jai Vijayan at Dark Reading discusses the common factor that defeats air-gapped systems despite all these measures.
The Dirty USB and Its Malicious Activities
All of these attacks on air-gapped systems have one thing in common: the USB stick. Even Stuxnet, the most sophisticated of them, reached its victim, a uranium enrichment facility, this way in 2010. ESET analyzed over 17 malware frameworks and found that a USB device was the easiest way to introduce malware into air-gapped systems. So, organizations should restrict the use of USB devices and, where their use is unavoidable, monitor it closely.
Malware Frameworks
Understanding malware frameworks, how they infiltrate systems and how they exfiltrate data is crucial to identifying and blocking malicious activity. Over the years, many malware frameworks have been used to exploit systems, corrupt them, and steal sensitive information. Each incident sets off a chain of events with a cascading effect on the country or organization it affects. The malware frameworks of the last 15 years share a common trait: they are all crafted by advanced threat groups to orchestrate espionage. The malware then either compromises an air-gapped system directly or moves laterally onto an air-gapped network. The USB drive is the only key to the kingdom of air-gapped systems and networks.
Malware Attacks on Connected Frameworks
An organization’s Internet-connected system is compromised first, and the malware deployed on it waits for a USB device to be inserted, then plants a malicious payload on the drive. When that drive is carried to the air-gapped side, the payload conducts surveillance on whatever network it is plugged into, collecting specific information and storing it on the drive. The stored data is exfiltrated when the USB drive is later inserted back into the compromised system on the Internet-connected network, which retrieves the data from the drive.
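Because the relay described above depends on a mass-storage device being attached to the air-gapped host, the check a defender wants is a record of every such attach, correlated with the device's vendor and product IDs against a short allowlist. The following is an added example (not code from the article or from ESET) that runs that correlation over constructed Linux kernel log lines; the hostname, the allowlist and all vendor/product IDs are assumed sample values.

```python
import re
from dataclasses import dataclass

# Constructed sample of Linux kernel messages from an assumed air-gapped host.
# Vendor/product IDs are made-up placeholders, not indicators from the article.
SAMPLE_LOG = """\
Jan 14 09:12:03 airgap-01 kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Jan 14 09:12:03 airgap-01 kernel: usb 1-1: Product: Cruzer Blade
Jan 14 09:12:04 airgap-01 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Jan 14 09:20:11 airgap-01 kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
Jan 14 09:20:11 airgap-01 kernel: usb 1-2: Product: USB Keyboard
Jan 14 11:02:45 airgap-01 kernel: usb 1-3: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
Jan 14 11:02:46 airgap-01 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Device enumeration line: carries the port and the vendor/product IDs.
NEW_DEV = re.compile(r"usb (?P<port>[\d.-]+): New USB device found, "
                     r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
# Mass-storage driver bind line: the event that matters for data movement.
STORAGE = re.compile(r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")

# Assumed allowlist: the single sanctioned transfer drive for this host.
ALLOWED = {("0781", "5567")}


@dataclass
class StorageEvent:
    host: str
    port: str
    vid: str
    pid: str
    approved: bool


def scan_usb_log(text, allowed=ALLOWED):
    """Correlate enumeration lines with usb-storage bind lines on the same port.

    Keyboards and mice enumerate but never bind usb-storage, so they produce
    no event; every mass-storage attach is recorded, approved or not.
    """
    seen = {}    # (host, port) -> (vid, pid) from the most recent enumeration
    events = []
    for line in text.splitlines():
        host = line.split()[3]          # syslog layout: Mon DD HH:MM:SS host ...
        m = NEW_DEV.search(line)
        if m:
            seen[(host, m["port"])] = (m["vid"], m["pid"])
            continue
        m = STORAGE.search(line)
        if m:
            vid, pid = seen.get((host, m["port"]), ("????", "????"))
            events.append(StorageEvent(host, m["port"], vid, pid, (vid, pid) in allowed))
    return events


def unapproved(text, allowed=ALLOWED):
    """Only the attaches that should page someone."""
    return [e for e in scan_usb_log(text, allowed) if not e.approved]
```

Shipping these events off the host is the hard part on an air-gapped network; at minimum, write them to a local audit log that is reviewed alongside the physical media-handling log.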
Malware Attacks on Offline Frameworks
In offline frameworks, covert channels could in principle transmit data out of air-gapped systems automatically, but there has not been a single instance where this has been used. This indicates that human involvement is necessary: someone must prepare the malware-loaded USB drive and introduce it to the air-gapped system to launch the attack.
To read the original article, click on https://www.darkreading.com/attacks-breaches/usb-devices-common-denominator-in-all-attacks-on-air-gapped-systemsd