Cybercriminals seem to be busy in carrying out espionage activities on high-value targets, that are using military-grade security. After Ramsay, within a week another malware strain has been observed that could penetrate air-gapped networks.
- In May 2020, the air-gapped networks of the Taiwanese and the Philippine military were targeted by a China-linked group known as Tropic Trooper (or KeyBoy).
- Attackers used a malware strain known as USBferry. This malware first infects a vulnerable system having lesser security, and then waits for a connecting USB drive to be ferried to other parts of the victim’s internal network, thus self-replicating itself until it reaches the targeted system.
- From the target system, it would steal sensitive information and wait until it gets ferried back to another internet-connected system, from where it would send the stolen data back to the hacker’s command and control servers.
Other real-world threats on Air-gapped systems
- In May 2020, in new malware dubbed Ramsay was detected, that uses various attack vectors to target an air-gapped system, aiming at very few but high-value victims.
- In January 2020, a new backdoor called PowerTrick was identified, that is capable of bypassing common restriction and security controls, and penetrate into the most secure air-gapped systems. It was developed by the cybercriminals behind the TrickBot malware, designed and tuned to infiltrate high-value targets.
More innovative attacks on Air-gapped systems
Various academians and researchers have also demonstrated new innovative ways to hack sensitive data from air-gapped systems. However, these methods have been used in any real-world attacks.
- In May 2020, researchers from Israel’s Ben Gurion University demonstrated a malware ‘POWER-SUPPLaY,’ that could use novel acoustic quirk in power supply units to steal sensitive data from air-gapped and audio-gapped systems, thus turning power-supply into speakers.
- In April 2020, Israeli researchers from the same Ben-Gurion University had devised a method called AiR-ViBeR, which could use the fans installed inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems.
- In February 2020, researchers from Israel identified a new method dubbed ‘BRIGHTNESS’ for stealing data from air-gapped computers. They demoed a way to encode and exfiltrate data by using quick flickers in LCD screen brightness.