Hackers Weaponize Secure USB Drives To Target Air-Gapped Critical Systems

Researchers have found that the Tick cyberespionage group is weaponizing secure USB drives to target air-gapped critical systems. The group, which largely targets organisations from Japan and South Korea, is known to conduct attack campaigns with various custom malware such as Minzen, Datper, Nioupale (aka Daserf), and HomamDownloader. Javvad Malik, Security Advocate at AlienVault, commented below.

Javvad Malik, Security Advocate at AlienVault:

“This particular attack bears all the signs of a very specific targeted attack designed to infect particular institutes or machines – not too dissimilar to Stuxnet.

Employees that work in sensitive organisations that have air-gapped networks should be particularly vigilant against plugging in devices. In some cases, even approved USB drives should be tested in a separate environment prior to being loaded in secure areas.

Prevention aside, critical systems should have threat detection controls that can alert where an infected drive has been plugged into an endpoint and take remedial steps beyond raising an alarm, such as isolating an infected machine from the rest of the network.”
