Security News > 2021 > December > Researches Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks

Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information.

"All frameworks are designed to perform some form of espionage, [and] all the frameworks used USB drives as the physical transmission medium to transfer data in and out of the targeted air-gapped networks," ESET researchers Alexis Dorais-Joncas and Facundo Muñoz said in a comprehensive study of the frameworks.

Primarily built to attack Windows-based operating systems, the Slovak cybersecurity firm said that no fewer than 75% of all the frameworks were found leveraging malicious LNK or AutoRun files on USB drives to either carry out the initial compromise of the air-gapped system or to move laterally within the air-gapped network.

"All frameworks have devised their own ways, but they all have one thing in common: with no exception, they all used weaponized USB drives," the researchers explained.

While connected frameworks work by deploying a malicious component on the connected system that monitors the insertion of new USB drives and automatically places the attack code needed to compromise the air-gapped system, offline frameworks like Brutal Kangaroo, EZCheese, and ProjectSauron rely on the attackers deliberately infecting their own USB drives to backdoor the targeted machine.

"Maintaining a fully air gapped system comes with the benefits of extra protection," Dorais-Joncas said.

News URL

https://thehackernews.com/2021/12/researches-detail-17-malicious.html