Tuesday, November 12, 2024
HomeCyber Security NewsResearchers Details Attacks On Air-Gaps Computers To Steal Data

Researchers Details Attacks On Air-Gaps Computers To Steal Data

Published on

Malware protection

The air-gap data protection method isolates local networks from the internet to mitigate cyber threats and protect sensitive data, which is commonly used by organizations dealing with confidential information such as personal, financial, medical, legal, and biometric data. 

By eliminating internet connectivity, air-gap networks provide a high level of security against external attacks, ensuring compliance with regulations like GDPR, which is particularly valuable for industries like government, finance, defense, and healthcare, where data breaches can have severe consequences.

Air-gapped networks, once considered impervious to attacks, have been breached using techniques like supply chain attacks and insider threats. Malware can compromise air-gapped networks, collect data, and exfiltrate it using covert channels. 

- Advertisement - SIEM as a Service

These channels exploit electromagnetic leakage, acoustic waves, magnetic fields, or thermal emissions to transmit data to a third party.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

For instance, biometric information can be encoded into inaudible ultrasonic sounds and transmitted to a nearby device.

 The chain of attack.

Air-gapping is a security measure that isolates a system from external networks to prevent unauthorized access and data transfer by creating a physical or digital barrier between the system and the outside world, making it difficult for attackers to exploit vulnerabilities. 

While air-gapping offers a high level of security, it can also limit convenience and usability, as data transfer requires manual methods.

To mitigate risks associated with manual data transfer, security measures like IDS, firewalls, and data diodes can be implemented.

It is not explicitly mandated by specific regulations, but it is often employed in industries handling sensitive data to enhance security. Regulations like HIPAA and GDPR indirectly support air-gapping by emphasizing robust data protection measures. 

Attack scenario

Recent high-profile data breaches, such as MOVEit, Ronin, LinkedIn, Accellion, T-Mobile, and Magellan Health, underscore the criticality of air-gapping and similar isolation techniques to prevent unauthorized access and data leakage. 

Advanced attackers employ various techniques to infiltrate air-gapped networks, including physical access, supply chain attacks, and social engineering.

Once inside, they utilize covert channels like USB devices, acoustic attacks, and insider threats to exfiltrate sensitive data. 

Optical covert channel via keyboard LEDs.

USB devices can be infected with malware that spreads through the network, as acoustic attacks exploit sound waves to transmit information between computers.

Insider threats pose significant risks as authorized individuals may misuse their access to leak data.

Countermeasures against air-gap covert channels involve physical isolation, red-black separation, device hardening, signal monitoring, operating system behavioral analysis, and employee education, which ensure secure access, prevent unauthorized connections, detect unusual emissions, and promote security awareness.

The paper explores the vulnerability of air-gapped networks to data exfiltration despite their physical and logical isolation from the internet by investigating how attackers can exploit various covert channels, including acoustic, electromagnetic, electric, optical, thermal, and physical mediums, to encode and secretly leak sensitive data. 

The research reviews existing malware that can infect air-gapped networks and proposes an adversarial attack model, categorizes different covert channels, and discusses countermeasures. 

It concludes that while air-gapped networks provide a high level of isolation, they are not impervious to air-gap covert channels, emphasizing the need for additional defensive measures to protect sensitive data.

Download Free Incident Response Plan Template for Your Security Team – Free Download

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...