"In order to evade anti-virus (AVs), Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS), the function can be implemented in a separate thread and injected into the memory space of another trusted process in the system," noted Guri in the report. Source: SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables, page 3Īlong the way, CTAs can use specific techniques to avoid alerting traditional security technologies. Once the laptop receiver obtains those signals, it can then reconstruct the exfiltrated information. Those signals are correlated with sensitive information stored on the air-gapped computer. The attack chain relies on transmitting radio signals from the SATA cable to a laptop receiver. It uses the Serial ATA (SATA), a bus interface which is available on many computer systems and IT environments. This includes the use of physical media to modulate information into the air. CTAs can try to use these covert channels to exfiltrate information from air-gapped computers. Inside the SATAn Attack Flowĭiscussed in a report written by security researcher Mordechai Guri at the Ben-Gurion University of the Negev, SATAn hinges on the use of covert channels, or communication channels not intended for data transfer. But it's not the only one. In this blog post, we’ll discuss how the “SATAn” attack uses the Serial ATA (ATA) interface to target air-gapped attacks. When it comes to targeting an air-gapped computer, removable media is a preferred tactic. Given the targets and assets involved, CTAs would most likely need to be motivated by nation-state interests given the overhead costs." State, Local, Tribal, and Territorial (SLTT) organizations. "They're commonly found in military organizations, owners of industrial control systems (ICS), as well as U.S. "Air-gapped computers and networks are typically a sign of systems that protect highly secure and confidential information or control of critical processes," it explained. 
The Cyber Threat Intelligence (CTI) team at the Multi-State Information Sharing and Analysis Center (MS-ISAC) is well aware of this reality. The logic is that air-gapping makes it more difficult for cyber threat actors (CTAs) to compromise the isolated computer and, by extension, exfiltrate information from the organization.īut air-gapping isn't as secure as it appears. Indeed, organizations responsible for protecting highly sensitive data sometimes use a technique known as “air-gapping.” As noted by TechRepublic, air-gapping involves isolating a computer by removing/disallowing a network connection. If you think that the best way to protect data is to keep it off the network, you are not alone.