Isolated air gap networks for KRITIS are vulnerable 

Eset_News


Even isolated networks for KRITIS are not safe from attacks or data theft. ESET researchers are investigating special malicious programs that target so-called "air gap" networks.

Critical and sensitive infrastructures must be particularly well protected against hackers. One option is the use of so-called "air gap" networks. These are used, for example, in industrial control systems that manage pipelines and power grids, or in dial-up or SCADA systems that control nuclear centrifuges, among other things. Such systems are not directly connected to the internet: the complete isolation of a device or system from the Internet and all other networks is meant to guarantee maximum security. Using 17 malicious frameworks as examples, ESET researchers show how APT (Advanced Persistent Threat) groups can still succeed against them.

Hackers have found ways to attack

“Unfortunately, hackers have found a way to attack these isolated networks. More and more companies are relying on the "air gap" technology for sensitive systems. The attackers have now reacted to this and refined their skills in order to find new vulnerabilities,” says Alexis Dorais-Joncas, head of the Security Intelligence Team at ESET. “For organizations with critical infrastructures and/or sensitive information, the loss of this data can cause enormous damage. The potential that this particular malware has is enormous. All malicious programs we examined aim to carry out espionage. USB drives are used as a physical transmission medium to smuggle data in and out of the attacked networks.”

Analysis is designed to help security professionals with prevention

Detecting and analyzing this type of malware is a particular challenge. In some cases several components have to be analyzed together to obtain a complete picture of the attacks. The analysis draws on knowledge published by more than 10 different organizations over the years, supplemented by ESET's own research to clarify or confirm technical details. The ESET researchers, led by Alexis Dorais-Joncas, were thus able to take a close look at this particular type of malware. They worked out how the security of these networks can be improved and how future attacks can be detected and defused at an early stage.

Tips for protecting “air gap” networks

Based on the identified risks, ESET has compiled the following list of detection methods and tools to protect these isolated networks from the most important techniques used by hackers.

  • Prevent email access on connected hosts: Blocking direct access to email on connected systems would defuse this popular attack vector. This can be implemented with a browser or email isolation architecture in which all email activity takes place in a separate virtual environment.
  • Disable USB ports: Physically removing or disabling the USB ports on all systems in an "air gap" network is the highest level of protection. Removal may not be practical for every business; in that case, working USB ports should be limited to the systems that absolutely need them.
  • Disinfect USB drives: Scanning USB drives for malware before they are plugged into an air-gap system would interrupt many of the techniques implemented by the frameworks examined.
  • Restrict file execution from removable drives: Executing files from removable drives should be restricted. Several techniques used for compromise end up with the direct execution of an executable file stored somewhere on the drive.
  • Analyze the system regularly: Regularly checking the system for malware is an important part of security to protect data.
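As an added illustration of the "disinfect USB drives" and "restrict file execution" items above (example code written for this page, not ESET's own tooling), the following Python audit is the kind of check a staging or "sheep-dip" station in front of an isolated network can run on a removable drive before it is carried inside. It flags autorun.inf, files with executable extensions and, regardless of extension, files that begin with a PE or ELF header, and it pins approved tools by SHA-256 allow-list. The extension list, file names and file contents are constructed for the demonstration and are not real artefacts from the research.

```python
# Added example (not ESET's code): a pre-insertion audit of a removable drive,
# the kind of check a "sheep-dip" station in front of an air-gapped network can run.
# All file names and contents below are constructed samples, not real artefacts.
import hashlib
import tempfile
from pathlib import Path

# Extensions the Windows shell executes directly (assumed list; extend as needed)
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".msi", ".lnk"}
# Headers identified regardless of extension, so a renamed binary is still caught
MAGIC_HEADERS = {b"MZ": "PE executable header", b"\x7fELF": "ELF executable header"}


def sniff_header(path):
    """Return a label if the file starts with a known executable header, else None."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, label in MAGIC_HEADERS.items():
        if head.startswith(magic):
            return label
    return None


def sha256_file(path):
    """Stream the file through SHA-256 so large drives do not load whole files into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_drive(root, allowlist=frozenset()):
    """Walk a mounted drive and report every file that should not cross the air gap.

    A file is flagged when it has an executable extension, an executable header,
    or is an autorun.inf, unless its SHA-256 is on the explicit allow-list of
    approved tools. Returns a list of dicts: path (relative), sha256, reasons.
    """
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        if path.name.lower() == "autorun.inf":
            reasons.append("autorun.inf present")
        if path.suffix.lower() in EXEC_EXTENSIONS:
            reasons.append(f"executable extension {path.suffix.lower()}")
        label = sniff_header(path)
        if label:
            reasons.append(label)
        if not reasons:
            continue
        digest = sha256_file(path)
        if digest in allowlist:
            continue  # approved, hash-pinned tool
        findings.append({"path": path.relative_to(root).as_posix(), "sha256": digest, "reasons": reasons})
    return findings


def build_sample_drive(base):
    """Populate a directory with constructed sample files standing in for a USB stick."""
    base = Path(base)
    (base / "readme.txt").write_bytes(b"site notes\n")                 # harmless text
    (base / "report.pdf").write_bytes(b"MZ\x90\x00 not really a PDF")  # PE binary renamed to .pdf
    (base / "tool.exe").write_bytes(b"MZ\x90\x00\x03")                  # approved maintenance tool
    (base / "autorun.inf").write_bytes(b"[autorun]\n")                  # autorun artefact
    return base


def demo():
    """Audit the constructed drive twice: unfiltered, then with tool.exe allow-listed by hash."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_drive(tmp)
        first = audit_drive(root)
        approved = frozenset(f["sha256"] for f in first if f["path"] == "tool.exe")
        second = audit_drive(root, allowlist=approved)
    return first, second


if __name__ == "__main__":
    unfiltered, filtered = demo()
    for finding in unfiltered:
        print(f"{finding['path']}: {', '.join(finding['reasons'])} ({finding['sha256'][:12]}...)")
    print(f"{len(filtered)} finding(s) remain after allow-listing tool.exe")
```

The header sniff is what makes the check useful: a renamed binary such as the constructed `report.pdf` is caught even though its extension is not on the list, while hash-pinning lets an approved maintenance tool through without opening a general exception for `.exe` files. On a real staging station this audit would sit alongside, not replace, the anti-malware scan recommended above.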

In addition, endpoint security protects against the exploitation of vulnerabilities; such a solution, kept up to date, can keep attackers away from the outset. “A fully secured system needs additional protection. But like all other security mechanisms, "air gap" networks are not a panacea and do not prevent attackers from exploiting outdated systems or bad employee habits,” comments ESET researcher Alexis Dorais-Joncas.

More at WeLiveSecurity.com

About ESET

ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.
