Military-Grade Air-Gapped Networks Under Attack

Cybercriminals appear to be busy carrying out espionage against high-value targets that use military-grade security. Within a week of Ramsay, another malware strain has been observed that can penetrate air-gapped networks.

In May 2020, the air-gapped networks of the Taiwanese and the Philippine military were targeted by a China-linked group known as Tropic Trooper (or KeyBoy). 
Attackers used a malware strain known as USBferry. This malware first infects a vulnerable system with weaker security, then waits for a USB drive to be connected so that it can be ferried to other parts of the victim's internal network, replicating itself until it reaches the targeted system.
From the target system, it would steal sensitive information and wait until it gets ferried back to another internet-connected system, from where it would send the stolen data back to the hacker’s command and control servers.

Other real-world threats to air-gapped systems


In May 2020, a new malware dubbed Ramsay was detected that uses various attack vectors to target air-gapped systems, aiming at very few but high-value victims.
In January 2020, a new backdoor called PowerTrick was identified that is capable of bypassing common restrictions and security controls and of penetrating the most secure air-gapped systems. It was developed by the cybercriminals behind the TrickBot malware, and was designed and tuned to infiltrate high-value targets.

More innovative attacks on air-gapped systems


Various academics and researchers have also demonstrated new, innovative ways to extract sensitive data from air-gapped systems. However, these methods have not been used in any real-world attacks.

