211
submitted 3 weeks ago by misk@sopuli.xyz to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] conciselyverbose@sh.itjust.works 59 points 3 weeks ago

Did people think that not connecting to a network was a magic technique that prevented infections from being spread on USB drives if you move them back and forth?

[-] JasonDJ@lemmy.zip 42 points 3 weeks ago* (last edited 3 weeks ago)

It's weird for the title to focus on the tools, and not the attack itself.

Two attacks on production air-gapped networks, with different tools, from the same group, is pretty damn impressive. Especially for a group not backed by a nation-state.

Edit: it sounds like this was a multi-stage attack...compromising a production non-airgapped internal system and using that to create the USB payload and later exfiltration. That's pretty cool. The mule who brought the infected USB into the air-gapped space was likely none the wiser...the media had been written by them, to their own USB, and probably even hardware encrypted at rest (something like an Apricorn).

[-] lud@lemm.ee 1 points 2 weeks ago

it sounds like this was a multi-stage attack...compromising a production non-airgapped internal system and using that to create the USB payload and later exfiltration. That's pretty cool. The mule who brought the infected USB into the air-gapped space was likely none the wiser...the media had been written by them, to their own USB, and probably even hardware encrypted at rest (something like an Apricorn).

Yeah, that's pretty damn impressive.

[-] specialseaweed@sh.itjust.works 11 points 3 weeks ago

No but it’s a good start. The problem is that literally everyone would do it, from directors to the lowest paid people on the job. EVERYBODY does it. We detected and blocked, so then they started hardwire connecting to switches that they saw in offices. We had blocked those, so they started trying to connect to industrial switches out in the factories.

It was maddening.

[-] Badeendje@lemmy.world 3 points 3 weeks ago

But switches have all ports set to shut and open ports bound to the device connected.. or is this not common?

[-] specialseaweed@sh.itjust.works 3 points 3 weeks ago

It depends on the environment for sure. That was standard at the end of my career but definitely not at the beginning.

[-] corsicanguppy@lemmy.ca 1 points 2 weeks ago

literally

There are other adverbs.

everyone would do it, from directors to the lowest paid people on the job

Ensure the kernel filters out all USB except for the major/minor used by mice and keyboards. This is absolutely standard for secret-squirrel shit. Default to rejected, but allow a few.

[-] specialseaweed@sh.itjust.works 2 points 2 weeks ago* (last edited 2 weeks ago)

This was a long time ago in a different world. I’m an old man now. My job now is coaching soccer and gardening and baking, but thanks for writing that. Hopefully new admins see it.

And it was literally.

[-] Nighed@feddit.uk 2 points 2 weeks ago

There are 'keyboards' that when plugged in type Win+R CMD.exe then do whatever you want. (Other terminals are available)

I guess that stops users from trying in the first place though.

this post was submitted on 09 Oct 2024
211 points (97.3% liked)

Technology

58981 readers
3940 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS