The Register has reported that “one of the most prolific and capable Russian malware groups is using a rare module to infect USB sticks and hose air-gapped machines in defence industry organisations.
The group, known as “Sofacy” or “Pawn Storm” has been ripping into air gap defence organisations since at least August, demonstrating its skills using zero day vulnerabilities to foist malware, Kaspersky researchers say.” Tim Erlin, director of decurity and product management at Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire :
“The USB port has been the proverbial backdoor for a long time. When a network connection isn’t available or assailable, attackers look to the physical connections on the device, and to the human operators for transit. If you’re using ‘sneaker-net’ to deliver data to your systems, it’s an attack vector that has to be protected.
Data theft is a two-way street. Getting malware onto an air-gapped system is only half of the equation. Attackers have to successfully extract the data as well, and preventing exfiltration can be as effective as preventing infiltration.
Remember that USB can be used for more than just memory sticks. Attackers have used modified memory sticks to emulate other devices, like USB keyboards, to craft attacks that get around some security controls.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]