#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Air Gap Hacking | Breaking Cybersecurity News | The Hacker News

China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

Aug 01, 2023 Cyber Attack / Data Safety
A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems. Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called  APT31 , which is also tracked under the monikers Bronze Vinewood, Judgement Panda, and Violet Typhoon (formerly Zirconium), citing commonalities in the tactics observed. The attacks entailed the use of more than 15 distinct implants and their variants, broken down into three broad categories based on their ability to establish persistent remote access, gather sensitive information, and transmit the collected data to actor-controlled infrastructure. "One of the implant types appeared to be a sophisticated modular malware, aimed at profiling removable drives and contaminating them with a worm to exfiltrate data from isolated, or air-gapped, networks of indus
COVID-bit: New COVert Channel to Exfiltrate Data from Air-Gapped Computers

COVID-bit: New COVert Channel to Exfiltrate Data from Air-Gapped Computers

Dec 08, 2022 Data Protection / Computer Security
An unconventional data exfiltration method leverages a previously undocumented covert channel to leak sensitive information from air-gapped systems. "The information emanates from the air-gapped computer over the air to a distance of 2 m and more and can be picked up by a nearby insider or spy with a mobile phone or laptop," Dr. Mordechai Guri , the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel and the head of Offensive-Defensive Cyber Research Lab, said in a  new paper  shared with The Hacker News. The mechanism, dubbed  COVID-bit , leverages malware planted on the machine to generate electromagnetic radiation in the 0-60 kHz frequency band that's subsequently transmitted and picked up by a stealthy receiving device in close physical proximity. This, in turn, is made possible by exploiting the dynamic power consumption of modern computers and manipulating the momentary loads on CPU cores. COVID-bit is the 
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals

New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals

Jul 19, 2022
A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment ( SATA ) or Serial ATA cables as a communication medium, adding to a  long list  of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data. "Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6GHz frequency band," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel,  wrote  in a paper published last week. The technique, dubbed  SATAn , takes advantage of the prevalence of the computer bus interface, making it "highly available to attackers in a wide range of computer systems and IT environments." Put simply, the goal is to use the SATA cable as a covert channel to emanate electromagnetic signals and transfer a br
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers

New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers

May 04, 2020
Cybersecurity researcher Mordechai Guri from Israel's Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come with modern computing devices. Dubbed ' POWER-SUPPLaY ,' the latest research builds on a series of techniques leveraging electromagnetic, acoustic, thermal, optical covert channels, and even power cables to exfiltrate data from non-networked computers. "Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities," Dr. Guri outlined in a paper published today and shared with The Hacker News. "The malicious code manipulates the internal switching frequency of the power supply and hence controls the sound waveforms generated from its capacitors and transformers.&q
Hacker Can Steal Data from Air-Gapped Computers through Power Lines

Hacker Can Steal Data from Air-Gapped Computers through Power Lines

Apr 12, 2018
Do you think it is possible to extract data from a computer using its power cables? If no, then you should definitely read about this technique. Researchers from Israel's Ben Gurion University of the Negev—who majorly focus on finding clever ways to exfiltrate data from an isolated or air-gapped computer—have now shown how fluctuations in the current flow "propagated through the power lines" could be used to covertly steal highly sensitive data. Sound something like a James Bond movie? Well, the same group of researchers has previously demonstrated various out-of-band communication methods to steal data from a compromised air-gapped computer via light , sound , heat , electromagnetic , magnetic and ultrasonic waves . Air-gapped computers are those that are isolated from the Internet and local networks and therefore, are believed to be the most secure devices that are difficult to infiltrate or exfiltrate data. "As a part of the targeted attack, the adve
Hacker Can Steal Data from Air-Gapped Computers Using IR CCTV Cameras

Hacker Can Steal Data from Air-Gapped Computers Using IR CCTV Cameras

Sep 20, 2017
Air-gapped computers that are isolated from the Internet and physically separated from local networks are believed to be the most secure computers which are difficult to infiltrate. However, these networks have been a regular target in recent years for researchers, who have been trying to demonstrate every possible attack scenarios that could compromise the security of such isolated networks. Security researchers from Ben-Gurion University in Israel have previously demonstrated several ways to extract sensitive information from air-gapped computers. Now, the same University researchers have discovered another way to steal confidential information from air-gapped computers – this time with the help of infrared-equipped CCTV cameras that are used for night vision. Researchers have developed a new attack scenario, dubbed aIR-Jumper, which includes an infected air-gapped computer (from which data needs to be stolen) and an infected CCTV network (that has at least one CCTV insta
10 Things You Need To Know About 'Wikileaks CIA Leak'

10 Things You Need To Know About 'Wikileaks CIA Leak'

Mar 08, 2017
Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets , including the agency's ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems. It dubbed the first release as Vault 7 . Vault 7 is just the first part of leak series " Year Zero " that WikiLeaks will be releasing in coming days. Vault 7 is all about a covert global hacking operation being run by the US Central Intelligence Agency (CIA). According to the whistleblower organization, the CIA did not inform the companies about the security issues of their products; instead held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on. One leaked document suggested that the CIA was even looking for tools to remotely control smart cars and trucks, allowing the agency to cause "accidents" which would effectively be "nearly undetectable assas
WikiLeaks Exposed CIA's Hacking Tools And Capabilities Details

WikiLeaks Exposed CIA's Hacking Tools And Capabilities Details

Mar 07, 2017
WikiLeaks has published a massive trove of confidential documents in what appear to be the biggest ever leak involving the US Central Intelligence Agency (CIA). WikiLeaks announced series Year Zero , under which the whistleblower organization will reveal details of the CIA's global covert hacking program. As part of Year Zero, Wikileaks published its first archive, dubbed Vault 7 , which includes a total of 8,761 documents of 513 MB ( torrent  | password ) on Tuesday, exposing information about numerous zero-day exploits developed for iOS, Android, and Microsoft's Windows operating system. WikiLeaks claims that these leaks came from a secure network within the CIA's Center for Cyber Intelligence headquarters at Langley, Virginia. The authenticity of such dumps can not be verified immediately, but since WikiLeaks has long track record of releasing such top secret government documents, the community and governments should take it very seriously. CIA's Zero-D
This Malware Can Transfer Data via USB Emissions from Air-Gapped Computers

This Malware Can Transfer Data via USB Emissions from Air-Gapped Computers

Sep 05, 2016
Air-gapped computers that are isolated from the Internet or other networks and believed to be the most secure computers on the planet have become a regular target in recent years. A team of researchers from Ben-Gurion University in Israel has discovered a way to extract sensitive information from air-gapped computers – this time using radio frequency transmissions from USB connectors without any need of specialized hardware mounted on the USB. Dubbed USBee , the attack is a significant improvement over the NSA-made USB exfiltrator called CottonMouth that was mentioned in a document leaked by former NSA employee Edward Snowden. Unlike CottonMouth , USBee doesn't require an attacker to smuggle a modified USB device into the facility housing the air-gapped computer being targeted; rather the technique turns USB devices already inside the facility into an RF transmitter with no hardware modification required. Must Read: BadUSB Code Released – Turn USB Drives Into Undete
New Hack Uses Hard Drive's Noise to Transfer Stolen Data from Air-Gapped Computer

New Hack Uses Hard Drive's Noise to Transfer Stolen Data from Air-Gapped Computer

Aug 12, 2016
Air-gapped computers that are isolated from the Internet and other computers are long considered to be the most secure and safest place for storing data in critical infrastructures such as industrial control systems, financial institutions, and classified military networks. However, these systems have sometimes been targeted in the past, which proves that these isolated systems are not completely secure. Previous techniques of hacking air gap computers include: AirHopper that turns a computer's video card into an FM transmitter to capture keystrokes; BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys; Hacking air-gapped computer using a basic low-end mobile phone with GSM network; and Stealing the secret cryptographic key from an air-gapped computer placed in another room using a Side-Channel Attack. Now, researchers have devised a new method to steal data from an infected computer even if it has no
AirHopper — Hacking Into an Isolated Computer Using FM Radio Signals

AirHopper — Hacking Into an Isolated Computer Using FM Radio Signals

Nov 01, 2014
In order to secure sensitive information such as Finance, many companies and government agencies generally use totally secure computer systems by making sure it aren't connected to any network at all. But the most secure systems aren't safe anymore. Security researchers at the Cyber Security Labs at Ben Gurion University in Israel have found a way to snoop on a personal computer even with no network connection. STEALING DATA USING RADIO SIGNALS Researchers have developed a proof-of-concept malware that can infiltrate a closed network to lift data from a machine that has been kept completely isolated from the internet or any Wi-Fi connection by using little more than a mobile phone's FM radio signals. Researcher Mordechai Guri , along with Professor Yuval Elovici of Ben Gurion University, presented the research on Thursday in the 9th IEEE International Conference on Malicious and Unwanted Software ( MALCON 2014 ) held at Denver. This new technology is kno
Cybersecurity Resources