Air-gapped systems face new threats circulating in the wild

September 12, 2022

According to a cybersecurity threat report, cyberattacks against air-gapped systems have increased significantly this year. The report found that removable devices such as hard drives, memory cards, and USB drives were responsible for over 50% of cyberattacks this year.

The figure worries researchers because such attacks have risen by more than 20% since last year. A compromised removable disk can give attackers remote connectivity, a command-and-control (C2) channel, and a path to exfiltrate data from the target.


Researchers explained how a new tactic could exfiltrate data from air-gapped systems.


Air-gapped systems can now be compromised through smartphone gyroscopes and ultrasonic tones when a malicious actor uses them as a channel.

The new attack vector is called GAIROSCOPE. It relies on malware already installed on the air-gapped machine and on a smartphone in the vicinity. The malware generates ultrasonic tones that the phone's microelectromechanical system (MEMS) gyroscope can detect; such gyroscopes are standard in most smartphones on the market.

Attackers could thus collect sensitive data such as encryption keys and passwords and then encode it into the tones using frequency-shift keying.
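As an added example (not from the report or the researchers), a monitoring heuristic for the acoustic channel described above: it scans captured audio for windows dominated by one of two ultrasonic tones and flags recordings in which the tone keeps switching, which is the signature of FSK symbols. The 48 kHz capture rate, the 18.5/19.5 kHz tone pair and the 10 ms symbol length are assumptions, and the audio samples are constructed inline.

```python
import math
import random

# Assumed parameters (not from the report): 48 kHz capture, 10 ms symbols, tone pair just above hearing.
SAMPLE_RATE = 48_000
WINDOW = 480                            # samples per 10 ms analysis window
F_MARK, F_SPACE = 19_500.0, 18_500.0    # Hz; both sit on exact bins of a 480-sample window

def goertzel_power(block, freq):
    """Power |X(f)|^2 of one frequency in a block, via the Goertzel recurrence."""
    k = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + k * s1 - s2, s1
    return s1 * s1 + s2 * s2 - k * s1 * s2

def classify_windows(samples, min_frac=0.25, ratio=4.0):
    """Label each window 'M' (mark tone), 'S' (space tone) or '.' (no dominant ultrasonic tone)."""
    labels = []
    for start in range(0, len(samples) - WINDOW + 1, WINDOW):
        block = samples[start:start + WINDOW]
        # |X|^2 / (energy * N/2) is 1.0 for a pure on-bin tone: the share of energy at that frequency
        scale = (sum(x * x for x in block) + 1e-12) * WINDOW / 2.0
        mark = goertzel_power(block, F_MARK) / scale
        space = goertzel_power(block, F_SPACE) / scale
        labels.append('M' if mark >= min_frac and mark > ratio * space
                      else 'S' if space >= min_frac and space > ratio * mark else '.')
    return labels

def looks_like_ultrasonic_fsk(samples, min_tone_windows=8, min_switches=3):
    """Flag audio holding sustained ultrasonic tones that keep switching between the pair."""
    tones = [l for l in classify_windows(samples) if l != '.']
    switches = sum(1 for a, b in zip(tones, tones[1:]) if a != b)
    return len(tones) >= min_tone_windows and switches >= min_switches

def fsk_tones(bits, amplitude=0.3):
    """Constructed test input: one 10 ms tone per bit (mark = 1, space = 0)."""
    return [amplitude * math.sin(2 * math.pi * (F_MARK if bit else F_SPACE) * n / SAMPLE_RATE)
            for i, bit in enumerate(bits) for n in range(i * WINDOW, (i + 1) * WINDOW)]

def benign_audio(seconds=0.2, seed=1):
    """Constructed test input: a 1 kHz hum plus white noise, nothing ultrasonic."""
    rng = random.Random(seed)
    return [0.3 * math.sin(2 * math.pi * 1000 * n / SAMPLE_RATE) + 0.05 * rng.gauss(0, 1)
            for n in range(int(seconds * SAMPLE_RATE))]

def covert_sample():
    """Constructed test input: the FSK tones mixed into the same hum-and-noise background."""
    tones = fsk_tones([1, 0, 1, 1, 0, 0, 1, 0, 1, 0])
    return [a + b for a, b in zip(tones, benign_audio(len(tones) / SAMPLE_RATE))]
```

A real deployment would feed the detector microphone captures from the protected room and tune the thresholds to the site's background noise.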

The Israeli researchers also described a second tactic: the LEDs on the network interface controller (NIC) of air-gapped devices could be abused by threat actors to exfiltrate data.

Devices exposed to this technique include servers, PCs, embedded controllers, printers, and network cameras. Dubbed ETHERLED, the attack first requires access to the targeted device, gained through supply chain attacks, social engineering, or malicious insiders.

With that access, attackers can plant malware, harvest sensitive data, and utilise the LEDs as a covert channel to exfiltrate it; several modulation types can be used to transmit the data.

Air gapping is commonly used by government agencies, the military, industrial systems, and the financial sector, so a successful attack on these systems can pose a massive threat.

To help mitigate these attacks, restrict data transfer rates, prevent threat actors from reprogramming the targeted software into an encoding scheme, and introduce random noise to disrupt the modulated signals.
