Cyber Security News

Researchers Detail Attacks On Air-Gapped Computers To Steal Data

Air-gapping isolates a local network from the internet to reduce exposure to remote attacks and protect sensitive data. It is commonly used by organizations that handle confidential information such as personal, financial, medical, legal, and biometric records.

By removing internet connectivity, air-gapped networks raise the bar considerably against external attackers and support compliance with regulations such as GDPR. This is particularly valuable in government, finance, defense, and healthcare, where a breach can have severe consequences.

Air-gapped networks, once considered impervious to attack, have been breached through supply chain attacks and insider threats. Once malware is running inside an air-gapped network, it can collect data and exfiltrate it over covert channels.

These channels exploit electromagnetic leakage, acoustic waves, magnetic fields, or thermal emissions to carry data to a receiver outside the isolated network, such as a nearby device under the attacker's control.


For instance, biometric information can be encoded into inaudible ultrasonic sound and picked up by a nearby device with a microphone.

Figure: The chain of attack.

Air-gapping isolates a system from external networks to prevent unauthorized access and data transfer. The physical (and logical) separation between the system and the outside world means an attacker cannot simply reach a vulnerable service over the network.

While air-gapping offers a high level of security, it limits convenience and usability: data has to be moved in and out by manual means, such as removable media.

To reduce the risks of manual data transfer, additional controls such as intrusion detection systems (IDS), firewalls, and data diodes (hardware that enforces one-way data flow) can be deployed alongside the air gap.

Air-gapping is not explicitly mandated by any specific regulation, but it is often adopted in industries handling sensitive data. Regulations such as HIPAA and GDPR indirectly encourage it by requiring robust data protection measures.

Attack scenario

Recent high-profile data breaches, such as those at MOVEit, Ronin, LinkedIn, Accellion, T-Mobile, and Magellan Health, illustrate the stakes: isolation techniques such as air-gapping aim to keep the most sensitive data off networks an attacker can reach remotely.

Advanced attackers use several routes into air-gapped networks, including physical access, supply chain compromise, and social engineering.

Once inside, they exfiltrate sensitive data through removable media such as USB devices, through emission-based covert channels such as acoustic attacks, or with the help of insiders.

Figure: Optical covert channel via keyboard LEDs.

USB devices can carry malware that spreads through the isolated network, while acoustic attacks use sound waves to pass information between computers that share no network connection.

Insider threats pose a significant risk, since authorized individuals may misuse their access to leak data.

Countermeasures against air-gap covert channels include physical isolation, red-black separation, device hardening, signal monitoring, behavioral analysis at the operating-system level, and employee education. Together these controls restrict access, prevent unauthorized connections, detect unusual emissions, and raise security awareness.
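To make the ultrasonic channel described earlier and the "signal monitoring" countermeasure concrete, the following Python is an added example written for this summary; it is not code from the paper or its authors. Every parameter in it is an assumption chosen for illustration: a 48 kHz sound card, 10 ms symbols, and carriers at 18 kHz and 19.5 kHz (bit 0 / bit 1). The transmitter side modulates bytes as binary frequency-shift keying, the receiver side demodulates each symbol with the Goertzel algorithm, and a monitor function reports what share of a recording's energy sits above 17 kHz, which is the kind of measurement a signal-monitoring control can alarm on. The "biometric record" and the room audio are constructed inline so the script runs offline.

```python
import math
import random

# All parameters below are assumptions chosen for this example, not values from the paper.
SAMPLE_RATE = 48_000            # Hz, a common sound-card rate
SYMBOL_SECONDS = 0.01           # 10 ms per bit, i.e. 100 bit/s
F0, F1 = 18_000, 19_500         # Hz, tones for bit 0 / bit 1, above most adults' hearing
AMPLITUDE = 0.5                 # peak amplitude of the carrier (full scale = 1.0)
N = int(SAMPLE_RATE * SYMBOL_SECONDS)  # 480 samples per symbol; 100 Hz bin spacing, so F0/F1 are exact bins


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def modulate(data: bytes) -> list[float]:
    """Transmitter: binary FSK, one N-sample tone burst per bit.

    The phase runs continuously across symbols so there are no clicks at the
    symbol boundaries, which would otherwise leak audible energy.
    """
    samples = []
    phase = 0.0
    for bit in _bits(data):
        step = 2 * math.pi * (F1 if bit else F0) / SAMPLE_RATE
        for _ in range(N):
            samples.append(AMPLITUDE * math.sin(phase))
            phase += step
    return samples


def goertzel_power(block: list[float], freq: float) -> float:
    """Power |X[k]|^2 at the DFT bin nearest `freq` (Goertzel algorithm)."""
    n = len(block)
    k = round(n * freq / SAMPLE_RATE)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def demodulate(samples: list[float]) -> bytes:
    """Receiver: decide each symbol by comparing energy at F1 against F0, then pack bits."""
    bits = []
    for start in range(0, len(samples) - N + 1, N):
        block = samples[start:start + N]
        bits.append(1 if goertzel_power(block, F1) > goertzel_power(block, F0) else 0)
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def add_noise(samples: list[float], sigma: float, seed: int = 1) -> list[float]:
    """Constructed channel impairment: additive white Gaussian noise (deterministic seed)."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


def ultrasonic_fraction(samples: list[float], low_hz: int = 17_000, max_windows: int = 50) -> float:
    """Monitor: share of signal energy above `low_hz`, averaged over N-sample windows.

    Uses Parseval's relation (sum over all bins of |X[k]|^2 == N * sum of x^2); the
    factor 2 accounts for the mirrored negative-frequency bins of a real signal.
    Ordinary room audio puts almost nothing up here, so a sustained high fraction
    is a cheap indicator that something is driving the ultrasonic band.
    """
    fractions = []
    limit = min(len(samples), max_windows * N)
    for start in range(0, limit - N + 1, N):
        block = samples[start:start + N]
        total = sum(x * x for x in block)
        if total == 0.0:
            continue
        band = sum(goertzel_power(block, k * SAMPLE_RATE / N)
                   for k in range(math.ceil(low_hz * N / SAMPLE_RATE), N // 2))
        fractions.append(min(1.0, 2.0 * band / (N * total)))
    return sum(fractions) / len(fractions) if fractions else 0.0


def ambient_audio(seconds: float = 0.5, seed: int = 2) -> list[float]:
    """Constructed stand-in for ordinary room audio: a 1 kHz tone plus a little white noise."""
    rng = random.Random(seed)
    step = 2 * math.pi * 1_000 / SAMPLE_RATE
    return [0.3 * math.sin(step * n) + rng.gauss(0.0, 0.05)
            for n in range(int(SAMPLE_RATE * seconds))]


if __name__ == "__main__":
    secret = b"fingerprint-id-42"          # constructed stand-in for a biometric record
    tx = modulate(secret)
    rx = add_noise(tx, sigma=0.7)           # noise power roughly 6 dB above the carrier
    print("decoded:", demodulate(rx))
    print("ultrasonic share, covert channel:", round(ultrasonic_fraction(tx), 3))
    print("ultrasonic share, room audio:", round(ultrasonic_fraction(ambient_audio()), 3))
```

Run it directly to see the round trip. The receiver's decision is only which of the two carrier bins holds more energy, which is why the channel survives noise that is louder than the carrier itself: the noise spreads over all 480 bins while the carrier concentrates in one. On the defensive side, a threshold on ultrasonic_fraction over consecutive windows is the kind of rule a signal-monitoring control would alert on; a production monitor would also have to account for legitimate ultrasonic sources such as proximity beacons and hardware whine, which this toy does not.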

The paper examines how air-gapped networks can still leak data despite their physical and logical isolation from the internet, investigating how attackers can use covert channels over acoustic, electromagnetic, electric, optical, thermal, and physical mediums to encode and secretly leak sensitive data.

The research reviews existing malware that can infect air-gapped networks and proposes an adversarial attack model, categorizes different covert channels, and discusses countermeasures. 

It concludes that while air-gapped networks provide a high level of isolation, they are not impervious to air-gap covert channels, emphasizing the need for additional defensive measures to protect sensitive data.


Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
