Recently, a sophisticated attack targeted air-gapped systems within European government entities, revealing vulnerabilities even in environments specifically designed to be isolated from potential cyberthreats. The attackers used custom malware to bridge the gap between air-gapped networks and the internet, compromising the security of highly sensitive systems. This incident highlights the need for solutions that are purpose-built to protect critical networks and infrastructure, even when they are not directly connected to external networks.
Understanding the Attack
Air-gapped systems are intentionally disconnected from the internet to prevent cyberthreats from reaching them. However, in this case, attackers used a custom malware strain capable of infecting systems that are temporarily or indirectly exposed to external devices, such as USB drives or other removable media. This attack, in this case known as GoldenJackal, exploits gaps in how data is transferred to and from isolated networks, allowing the malware to gain a foothold on these otherwise secure systems.
Once the malware made its way into the air-gapped environment, it could exfiltrate sensitive data or compromise critical processes. These tactics demonstrate the evolving methods that cybercriminals use to bypass traditional security measures in isolated environments.
How OPSWAT Solutions Mitigate These Risks
To defend against attacks that target air-gapped systems, operators of critical networks and infrastructure need specialized tools designed to control and secure data transfers. OPSWAT MetaDefender Kiosk and MetaDefender NetWall provide two crucial layers of defense, ensuring that even the most secure environments remain protected.
MetaDefender Kiosk: Securely Scanning Peripheral and Removable Media
One common attack vector for air-gapped environments is through USB drives and other peripheral and removable media. Organizations and government entities should establish strict scanning policies and, just as importantly, ways to enforce them. MetaDefender Kiosk addresses the first part of this challenge by providing a secure solution for scanning and sanitizing files before they enter an isolated network. By leveraging MetaScan™ Multiscanning and Deep CDR™ technologies, MetaDefender Kiosk detects malware embedded in files, including custom malware that might be used in targeted attacks. The solution scans files across multiple anti-malware engines, maximizing the likelihood of detecting even the most sophisticated threats before they can breach a critical environment.
With the addition of MetaDefender Endpoint, critical systems prevent unscanned USB devices from mounting, ensuring that only scanned media can interact with the air-gapped network. As an added layer of protection, this prevents a threat actor (or, less maliciously, user error) from bypassing a MetaDefender Kiosk scan.
For example, in the European government breach, if a solution like MetaDefender Kiosk had been in place, it could have intercepted the custom malware as it was introduced via USB devices. MetaDefender Kiosk’s multilayered approach and advanced threat detection capabilities would reduce the risk of unauthorized software reaching sensitive systems.
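The scan-then-enforce flow described above, as an added illustration and not OPSWAT's implementation: a kiosk stage runs every file on the media through several stand-in engines (any engine flagging a file blocks it) and writes a signed manifest of per-file hashes and verdicts back to the media; an endpoint stage refuses to mount unless the manifest is authentic and every file on the media is listed in it, unchanged since the scan, and clean. The shared key, manifest format, in-memory media dictionary, and stand-in engines are all constructed assumptions for the example.

```python
import hashlib
import hmac
import json

# Constructed demo secret shared by kiosk and endpoint; not OPSWAT's design.
KIOSK_KEY = b"constructed-demo-key"
MANIFEST = "scan-manifest.json"

def _sign(verdicts):
    body = json.dumps(verdicts, sort_keys=True).encode()
    return hmac.new(KIOSK_KEY, body, hashlib.sha256).hexdigest()

def kiosk_scan(media, engines):
    """Kiosk side. media: dict of path -> bytes standing in for removable
    media; engines: callables(bytes) -> True when that engine flags the file.
    Records each file's hash and multiscanning verdict in a signed manifest."""
    verdicts = {}
    for path, data in media.items():
        if path == MANIFEST:
            continue
        flagged = any(engine(data) for engine in engines)  # any engine blocks
        verdicts[path] = {"sha256": hashlib.sha256(data).hexdigest(),
                          "clean": not flagged}
    manifest = {"verdicts": verdicts, "hmac": _sign(verdicts)}
    media[MANIFEST] = json.dumps(manifest).encode()
    return verdicts

def endpoint_allow_mount(media):
    """Endpoint side: allow only if the manifest is authentic and every file
    on the media was scanned, is unchanged since the scan, and was clean."""
    if MANIFEST not in media:
        return False, "no manifest: media never presented to the kiosk"
    manifest = json.loads(media[MANIFEST])
    if not hmac.compare_digest(_sign(manifest["verdicts"]), manifest["hmac"]):
        return False, "manifest signature invalid"
    for path, data in media.items():
        if path == MANIFEST:
            continue
        entry = manifest["verdicts"].get(path)
        if entry is None:
            return False, f"unscanned file added after scan: {path}"
        if entry["sha256"] != hashlib.sha256(data).hexdigest():
            return False, f"file modified after scan: {path}"
        if not entry["clean"]:
            return False, f"file flagged by multiscanning: {path}"
    return True, "all files scanned and clean"

# Constructed stand-in engines: a signature match and a size heuristic.
ENGINES = [lambda d: b"FLAG-ME" in d, lambda d: len(d) > 1_000_000]
```

The endpoint check catches the cases the policy cares about: media that never visited the kiosk, a file altered or added after scanning, and a file that any engine flagged.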
MetaDefender NetWall: Enforcing Unidirectional Data Transfer
Another key element in protecting air-gapped systems is controlling how data moves in and out of these environments. MetaDefender NetWall offers a solution by enabling unidirectional data transfer through its unidirectional gateway and optical diode. This approach ensures that data can flow in only one direction, preventing unauthorized data from being exfiltrated back through the same channel.
By using MetaDefender NetWall, organizations can enforce strict controls over what data enters and exits the air-gapped network, minimizing the chances of sensitive information being leaked if an initial breach occurs. This would make it significantly harder for attackers to extract data, even if they manage to implant malware in the air-gapped environment.
MetaDefender NetWall also seamlessly integrates with MetaDefender Kiosk, providing a solution that allows files to be transferred into the secure environment without the need to carry portable media across the security boundary. This solution not only ensures files are sanitized, but it can also restrict which files are transferred, limiting transfer to only files that are relevant to the systems in the secured environment.
Supporting NIS2 Compliance with OPSWAT MetaDefender Solutions
Dealing with targeted threats like GoldenJackal goes beyond threat prevention. The European Union's NIS2 (Network and Information Security Directive 2) sets stricter requirements for cybersecurity, particularly for operators of essential services, including those in critical infrastructure sectors. NIS2 emphasizes the importance of safeguarding against cyberthreats, securing data transfers, and maintaining incident response protocols. Compliance with NIS2 is crucial for organizations in the EU, as it not only ensures a higher level of security but also helps avoid potential penalties for failing to meet the directive's standards.
By incorporating OPSWAT MetaDefender Kiosk and MetaDefender NetWall into their security strategies, organizations can meet many of the critical requirements set out in NIS2:
1. Enhanced Security for Data Transfers
MetaDefender Kiosk enables organizations to securely manage removable media by scanning and sanitizing all incoming files. This aligns with NIS2’s requirements for controlling external data sources and minimizing the risks of introducing malware into critical systems. By ensuring that only clean, verified data is transferred into secure environments, MetaDefender Kiosk helps organizations meet NIS2's emphasis on mitigating risks from external connections.
2. Robust Network Segmentation and Data Integrity
MetaDefender NetWall’s unidirectional gateway capabilities help ensure the secure transfer of data into air-gapped or segmented networks, while preventing unauthorized data from leaving these secure environments. This supports NIS2’s focus on protecting the integrity and availability of critical network infrastructure by controlling how data moves across different network zones. The solution’s ability to enforce unidirectional data flow helps organizations establish a clear boundary between sensitive and non-sensitive networks, which is a key aspect of maintaining NIS2 compliance.
3. Incident Prevention and Risk Mitigation
Together, MetaDefender Kiosk and NetWall offer advanced threat detection and data control measures, which contribute to incident prevention, a core component of NIS2. By stopping malware before it enters a network and preventing unauthorized data extraction, these solutions help reduce the likelihood of incidents that could compromise critical services. This proactive approach supports organizations in adhering to NIS2’s mandates for continuous risk assessment and mitigation.
In the context of the recent attack on air-gapped European government systems, the ability to meet NIS2 requirements becomes even more critical. By using OPSWAT’s solutions, organizations can strengthen their cybersecurity posture in a way that not only defends against sophisticated threats but also ensures compliance with evolving regulations. This dual focus on security and compliance enables organizations to operate confidently in a challenging threat landscape while maintaining their obligations under NIS2.
Building a Stronger Security Posture
The recent attack on European air-gapped systems serves as a reminder that no environment is immune to cyberthreats, regardless of how isolated it is. By integrating solutions like OPSWAT MetaDefender Kiosk and MetaDefender NetWall, critical infrastructure operators can ensure that their data transfer processes are secure and that potential threats are detected before they cause damage.
OPSWAT's approach to protecting air-gapped systems is grounded in the philosophy of “Trust no file. Trust no device.™”, ensuring that every piece of data is verified before being allowed into a secure network. This strategy is essential for critical environments, where even a single breach could have severe consequences. Investing in advanced security solutions like MetaDefender Kiosk and NetWall can make the difference between a successful defense and a costly compromise.
Discover why OPSWAT solutions offer governments around the world a critical advantage in the fight against cyberthreats—talk to an expert today.