USB devices the common denominator in all attacks on air-gapped systems

  • Written by Jai Vijayan / Dark Reading
  • 6th December 2021

Cyberattacks on air-gapped systems, including the sophisticated and dangerous 2010 Stuxnet attack that crippled a uranium enrichment facility, all have one thing in common: a USB stick.

A new ESET study of 17 malware frameworks that threat actors have used over the past decade to target air-gapped systems showed that every one of them used a USB drive to introduce malware into the environment and to extract data from it. The security vendor found that the best defense for organizations against attacks on air-gapped systems is to restrict USB use as much as possible and to monitor the devices closely in situations where they need to be used.

“Defending air-gapped networks against cyberattacks is a very complex topic that involves several disciplines,” says Alexis Dorais-Joncas, security intelligence team lead at ESET. “That being said, there is value in understanding how known [malware] frameworks operate in air-gapped environments and deriving ways to detect and block common malicious activities.”

Organizations often protect their most critical business and operations systems by physically separating them — or air-gapping them — from other connected networks. The goal is to ensure that an attacker who might have gained access to the enterprise network has no way of reaching these systems through lateral movement, privilege escalation, and other methods.

Even so, there have been numerous instances over the past several years where threat actors managed to bridge the air gap and access mission-critical systems and infrastructure. The Stuxnet attack on Iran — believed to have been led by US and Israeli cybersecurity teams — remains one of the most notable examples. In that campaign, operatives managed to insert a USB device containing the Stuxnet worm into a target Windows system, where it exploited a vulnerability (CVE-2010-2568) that triggered a chain of events that eventually resulted in numerous centrifuges at Iran’s Natanz uranium enrichment facility being destroyed.

Other frameworks that have been developed and used in attacks on air-gapped systems over the years include South Korean hacking group DarkHotel’s Ramsay, China-based Mustang Panda’s PlugX, the likely NSA-affiliated Equation Group’s Fanny, and China-based Goblin Panda’s USBCulprit. ESET analyzed these malware frameworks, as well as others that have not been specifically attributed to any group, such as ProjectSauron and agent.btz. The security vendor’s researchers focused on three facets: the malware’s execution mechanisms, its functionality within the air-gapped network (persistence, reconnaissance, and other activities), and its communication and exfiltration channels.

Big Similarities
The exercise revealed major similarities among all of them — including malware frameworks from as long as 15 years ago. In addition to USBs being a common thread, every malware toolkit for air-gapped networks was also the handiwork of an advanced persistent threat group. All frameworks were designed to conduct espionage and to specifically target Windows devices. More than 75% of them used malicious LNK or autorun files on USB drives to initially compromise an air-gapped system or to move laterally on an air-gapped network.
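As an added illustration (not code from ESET or Dark Reading), the following audit walks a mounted removable volume and flags the two USB-borne artifacts the study singles out: autorun.inf files and Windows shortcut (.lnk) files whose header carries the HasArguments flag, i.e. a shortcut that embeds a command line. It builds its own constructed sample volume in a temporary directory; the shell-link header layout it checks (HeaderSize 0x4C, the shell-link CLSID, LinkFlags at offset 20) comes from the MS-SHLLINK specification, not from the article.

```python
# Defensive audit of a removable volume for autorun.inf and argument-bearing
# .lnk files. Added example; the sample volume below is constructed, not real.
import os
import struct
import tempfile

LNK_HEADER_SIZE = 0x4C                      # HeaderSize field of a ShellLinkHeader
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_ARGUMENTS = 0x20                        # LinkFlags bit: shortcut embeds command-line arguments
IS_UNICODE = 0x80                           # LinkFlags bit: string data is UTF-16

def lnk_flags(path):
    """Return the LinkFlags field of a .lnk file, or None if it is not a well-formed shell link."""
    with open(path, "rb") as fh:
        hdr = fh.read(24)
    if len(hdr) < 24:
        return None
    size, clsid, flags = struct.unpack("<I16sI", hdr)
    if size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        return None
    return flags

def audit_volume(root):
    """Walk a mounted volume and return (relative path, reason) findings for review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name.lower() == "autorun.inf":
                findings.append((rel, "autorun.inf present"))
            elif name.lower().endswith(".lnk"):
                flags = lnk_flags(full)
                if flags is None:
                    findings.append((rel, ".lnk with malformed header"))
                elif flags & HAS_ARGUMENTS:
                    findings.append((rel, ".lnk embeds command-line arguments"))
    return findings

def build_sample_volume():
    """Constructed sample volume: an autorun.inf, one argument-bearing .lnk, one plain .lnk."""
    root = tempfile.mkdtemp(prefix="usb_audit_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=setup.exe\n")            # constructed content
    def header(flags):                                      # 76-byte ShellLinkHeader, rest zeroed
        return struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, flags) + b"\0" * 52
    with open(os.path.join(root, "Documents.lnk"), "wb") as fh:
        fh.write(header(HAS_ARGUMENTS | IS_UNICODE))
    with open(os.path.join(root, "Readme.lnk"), "wb") as fh:
        fh.write(header(IS_UNICODE))
    return root

if __name__ == "__main__":
    for rel, reason in audit_volume(build_sample_volume()):
        print(f"{rel}: {reason}")
```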

“The main takeaway is that the one and only point of entry ever observed into air-gapped networks is via USB drives. That’s where organizations should focus their efforts,” says Dorais-Joncas. “[Organizations] should also realize that many of the 17 frameworks took advantage of one-day vulnerabilities, which are security flaws for which a patch existed at the time of exploitation,” he says. This means keeping air-gapped systems up to date with the latest security fixes is important and would force the attacker to either develop or acquire suitable zero-day exploits or to use less efficient techniques, he says.

ESET found that while frameworks for attacking air-gapped networks share many similarities, the way the attacks themselves are carried out tends to fall into one of two categories: connected frameworks and offline frameworks.

To read the complete article, visit Dark Reading.