Air-Gapped Systems are Becoming a Treasure Trove for Attackers

For years, air-gapping has been recommended as a standard cybersecurity practice for protecting sensitive systems and networks. Organizations isolate their critical systems by disconnecting them from the public internet and from other networks, shielding sensitive data and backups from cybercriminals. Recent reports, however, show that an air gap is no longer the magic bullet it once appeared to be.

Why the rising concern?


Last month, three reports pointed to growing interest among hacking groups in developing malware capable of crossing into air-gapped networks. Let’s take a look.


The Chinese hacking group Tropic Trooper, also known as KeyBoy, targeted the air-gapped networks of the Taiwanese and Philippine militaries. According to Trend Micro, a cybersecurity and defense company, the attacks used USBferry, a malware strain that can copy itself onto removable USB drives so that it is carried across the air gap by the people who move those drives.
Researchers at the cybersecurity firm ESET discovered a malware called Ramsay that is built to jump the air gap: it collects Word documents, PDFs and ZIP archives into a hidden storage container for later exfiltration. Once inside an air-gapped device, it can spread to any other device it finds.
Security researchers at Kaspersky identified a new version of the COMpfun malware used by Turla, a Russian state-sponsored threat actor. The new build contains a self-propagation mechanism that lets it infect other systems on internal or air-gapped networks.
After three back-to-back reports of attacks on air-gapped networks within a week in May, Kaspersky disclosed a new malware called USBCulprit in the first week of June. Used by a hacking group known as Cycldek, Goblin Panda, or Conimes, the malware is ..
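The common thread in the reports above is removable media: the malware copies itself onto USB drives to cross the gap and stages stolen documents in hidden locations on the way back out. A defender who controls the air-gapped side can at least triage every drive before it is plugged in. The script below is an added example written for this page, not code from the article or from Trend Micro, ESET or Kaspersky, and it does not encode signatures of USBferry, Ramsay, COMpfun or USBCulprit. It checks generic indicators only: an autorun.inf at the volume root, executables or scripts on the media, hidden directories, shortcut files that shadow a folder of the same name, and hidden directories holding several office documents or archives (a plausible staging area). The sample volume it builds, the list of executable extensions, and the threshold of three documents per hidden directory are all assumptions chosen for illustration.

```python
"""Triage heuristics for a mounted removable drive (added example, generic indicators only)."""
from __future__ import annotations

import os
import stat
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Assumed lists: extend to match the platforms used on the isolated network.
EXEC_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
DOC_SUFFIXES = {".doc", ".docx", ".pdf", ".zip"}
STAGING_THRESHOLD = 3  # assumed: this many documents in a hidden dir looks like staging


@dataclass(frozen=True)
class Finding:
    kind: str    # "autorun", "lnk-decoy", "hidden-dir", "executable", "doc-staging"
    path: str    # path relative to the volume root
    detail: str


def _is_hidden(p: Path) -> bool:
    """Dot-prefixed names on every OS; FILE_ATTRIBUTE_HIDDEN where the OS exposes it."""
    if p.name.startswith("."):
        return True
    attrs = getattr(p.stat(), "st_file_attributes", 0)  # Windows only; 0 elsewhere
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def _in_hidden_dir(root: Path, d: Path) -> bool:
    """True if d or any ancestor below the volume root is hidden."""
    cur = d
    while cur != root:
        if _is_hidden(cur):
            return True
        cur = cur.parent
    return False


def scan_removable_media(root: Path) -> list[Finding]:
    root = root.resolve()
    findings: list[Finding] = []

    def rel(p: Path) -> str:
        return str(p.relative_to(root))

    # 1. Legacy autorun file at the volume root.
    if (root / "autorun.inf").is_file():
        findings.append(Finding("autorun", "autorun.inf", "autorun.inf present at volume root"))

    # 2. A shortcut at the root whose name matches a sibling folder (folder hidden, LNK in its place).
    top_dirs = {d.name.lower() for d in root.iterdir() if d.is_dir()}
    for lnk in root.glob("*.lnk"):
        if lnk.stem.lower() in top_dirs:
            findings.append(Finding("lnk-decoy", rel(lnk), f"shortcut shadows folder '{lnk.stem}'"))

    # 3-5. Walk the tree for hidden directories, executables, and staged documents.
    for dirpath, _dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        hidden = _in_hidden_dir(root, d)
        if d != root and _is_hidden(d):
            findings.append(Finding("hidden-dir", rel(d), "hidden directory on removable media"))
        docs = 0
        for name in filenames:
            suffix = Path(name).suffix.lower()
            if suffix in EXEC_SUFFIXES:
                where = "inside hidden directory" if hidden else "on removable media"
                findings.append(Finding("executable", rel(d / name), f"executable/script {where}"))
            elif suffix in DOC_SUFFIXES:
                docs += 1
        if hidden and docs >= STAGING_THRESHOLD:
            findings.append(Finding("doc-staging", rel(d), f"{docs} documents staged in hidden path"))
    return findings


def build_sample_media(base: Path) -> Path:
    """Constructed sample volume: one benign folder plus the indicators above. Not real malware."""
    root = base / "USB_VOLUME"
    (root / "Reports").mkdir(parents=True)
    (root / "autorun.inf").write_text("[autorun]\nopen=.cache\\svc.exe\n")
    (root / "Reports.lnk").write_bytes(b"L\x00\x00\x00")  # placeholder bytes, not a real shortcut
    stash = root / ".cache" / "stash"
    stash.mkdir(parents=True)
    (root / ".cache" / "svc.exe").write_bytes(b"MZ")  # placeholder, not an executable
    for name in ("a.docx", "b.pdf", "c.zip"):
        (stash / name).write_bytes(b"x")
    (root / "notes.txt").write_text("benign\n")
    return root


def demo() -> dict[str, int]:
    """Build the constructed volume in a temp dir, scan it, and return counts per finding kind."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_media(Path(tmp))
        counts: dict[str, int] = {}
        for f in scan_removable_media(root):
            counts[f.kind] = counts.get(f.kind, 0) + 1
        return counts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in scan_removable_media(build_sample_media(Path(tmp))):
            print(f"{f.kind:12} {f.path:28} {f.detail}")
```

Run it against a real mount point by calling `scan_removable_media(Path("/media/usb"))` (or the drive letter on Windows) from a machine that is itself outside the air gap, so that a hit never reaches the protected side. The heuristics are deliberately coarse: a hidden directory or a stray executable is worth a look, not proof of compromise, and a drive that passes this check can still carry payloads that none of these indicators catch.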
