Researchers have found that the Tick cyberespionage group is weaponizing secure USB drives to target air-gapped critical systems. The group, which largely targets organisations in Japan and South Korea, is known to conduct attack campaigns with various custom malware such as Minzen, Datper, Nioupale (aka Daserf), and HomamDownloader. Javvad Malik, Security Advocate at AlienVault, commented below.
Javvad Malik, Security Advocate at AlienVault:
“This particular attack bears all the signs of a very specific targeted attack designed to infect particular institutes or machines – not too dissimilar to Stuxnet.
Employees that work in sensitive organisations that have air-gapped networks should be particularly vigilant against plugging in devices. In some cases, even approved USB drives should be tested in a separate environment prior to being loaded in secure areas.
Prevention aside, critical systems should have threat detection controls that can alert where an infected drive has been plugged into an endpoint and take remedial steps beyond raising an alarm, such as isolating an infected machine from the rest of the network.”