A Russian group known as Pawn Storm has been using a module that infects USB sticks in order to penetrate air-gapped machines in the defense industry. The group has targeted various government agencies, including NATO and the White House.
Tim Erlin, Director of IT Security and Risk Strategy for Tripwire, says, “USB sticks can be used for more than just memory sticks. Attackers have used modified memory sticks to emulate other devices, like USB keyboards, to craft attacks that get around some security controls. Data theft is a two-way street. Getting malware onto an air-gapped system is only half of the equation. Attackers have to successfully extract the data as well, and preventing exfiltration can be as effective as preventing infiltration.” Please find full comments below.
Tim Erlin, Director of IT Security and Risk Strategy, Tripwire, adds, “The USB port has been the proverbial backdoor for a long time. When a network connection isn’t available or assailable, attackers look to the physical connections on the device, and to the human operators for transit. If you’re using ‘sneaker-net’ to deliver data to your systems, it’s an attack vector that has to be protected.
Data theft is a two-way street. Getting malware onto an air-gapped system is only half of the equation. Attackers have to successfully extract the data as well, and preventing exfiltration can be as effective as preventing infiltration.
Remember that USB can be used for more than just memory sticks. Attackers have used modified memory sticks to emulate other devices, like USB keyboards, to craft attacks that get around some security controls.”