Just One Day Without Several New Security Nightmares? Just One!
If you are serious about securing a computer then you ensure that it isn’t connected to anything that can send data, also known as an air-gapped machine because that’s all that touches it. This works for voting machines, industrial controllers and secret federal databases because those are the computers which hold data you don’t want escaping. Unfortunately that makes them very attractive targets for hackers, but the fact they should need physical access to the machines to exfiltrate data helps sysadmins sleep at night. The problem is that every once a while someone figures out a way to get hold of the data without touching the systems.
Such is the case today, where not one but two new techniques to steal data from air-gapped machines have been discovered, both coming from a hacking group known as GoldenJackal. They are part of what is described as a modular toolkit for stealing data from air-gapped machines, and Ars Technica lists the ones that have been detected. The toolkit is designed to provide multiple routes of infection of USB drives which are used to transfer data back and forth between an air-gapped machine and one that is connected to a network. Other modules are designed to infect the machines which those USB drives are plugged into, and only target the data which came from the air-gapped machines.
Alice Cooper has a song to play while reading the full article.