Thursday, December 5, 2024
HomeCyber Security NewsResearchers Details Attacks On Air-Gaps Computers To Steal Data

Researchers Details Attacks On Air-Gaps Computers To Steal Data

Published on

SIEM as a Service

The air-gap data protection method isolates local networks from the internet to mitigate cyber threats and protect sensitive data, which is commonly used by organizations dealing with confidential information such as personal, financial, medical, legal, and biometric data. 

By eliminating internet connectivity, air-gap networks provide a high level of security against external attacks, ensuring compliance with regulations like GDPR, which is particularly valuable for industries like government, finance, defense, and healthcare, where data breaches can have severe consequences.

Air-gapped networks, once considered impervious to attacks, have been breached using techniques like supply chain attacks and insider threats. Malware can compromise air-gapped networks, collect data, and exfiltrate it using covert channels. 

- Advertisement - SIEM as a Service

These channels exploit electromagnetic leakage, acoustic waves, magnetic fields, or thermal emissions to transmit data to a third party.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

For instance, biometric information can be encoded into inaudible ultrasonic sounds and transmitted to a nearby device.

 The chain of attack.

Air-gapping is a security measure that isolates a system from external networks to prevent unauthorized access and data transfer by creating a physical or digital barrier between the system and the outside world, making it difficult for attackers to exploit vulnerabilities. 

While air-gapping offers a high level of security, it can also limit convenience and usability, as data transfer requires manual methods.

To mitigate risks associated with manual data transfer, security measures like IDS, firewalls, and data diodes can be implemented.

It is not explicitly mandated by specific regulations, but it is often employed in industries handling sensitive data to enhance security. Regulations like HIPAA and GDPR indirectly support air-gapping by emphasizing robust data protection measures. 

Attack scenario

Recent high-profile data breaches, such as MOVEit, Ronin, LinkedIn, Accellion, T-Mobile, and Magellan Health, underscore the criticality of air-gapping and similar isolation techniques to prevent unauthorized access and data leakage. 

Advanced attackers employ various techniques to infiltrate air-gapped networks, including physical access, supply chain attacks, and social engineering.

Once inside, they utilize covert channels like USB devices, acoustic attacks, and insider threats to exfiltrate sensitive data. 

Optical covert channel via keyboard LEDs.

USB devices can be infected with malware that spreads through the network, as acoustic attacks exploit sound waves to transmit information between computers.

Insider threats pose significant risks as authorized individuals may misuse their access to leak data.

Countermeasures against air-gap covert channels involve physical isolation, red-black separation, device hardening, signal monitoring, operating system behavioral analysis, and employee education, which ensure secure access, prevent unauthorized connections, detect unusual emissions, and promote security awareness.

The paper explores the vulnerability of air-gapped networks to data exfiltration despite their physical and logical isolation from the internet by investigating how attackers can exploit various covert channels, including acoustic, electromagnetic, electric, optical, thermal, and physical mediums, to encode and secretly leak sensitive data. 

The research reviews existing malware that can infect air-gapped networks and proposes an adversarial attack model, categorizes different covert channels, and discusses countermeasures. 

It concludes that while air-gapped networks provide a high level of isolation, they are not impervious to air-gap covert channels, emphasizing the need for additional defensive measures to protect sensitive data.

Download Free Incident Response Plan Template for Your Security Team – Free Download

Latest articles

Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification

A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially...

Deloitte UK Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data

Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte...

Cloudflare Developer Domains Abused For Cyber Attacks

Cloudflare Pages, a popular web deployment platform, is exploited by threat actors to host...

Hackers Exploit Docker Remote API Servers To Inject Gafgyt Malware

Attackers are exploiting publicly exposed Docker Remote API servers to deploy Gafgyt malware by...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification

A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially...

Deloitte UK Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data

Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte...

Cloudflare Developer Domains Abused For Cyber Attacks

Cloudflare Pages, a popular web deployment platform, is exploited by threat actors to host...