Security researchers from ESET recently discovered a new cyber espionage campaign codenamed "Ramsay" – a malware designed to steal data from air gapped networks separated from the internet or other online systems. According to the researchers, the Ramsay malware has the ability to infect computers that are isolated from the network, collect Word, PDF, and ZIP files in a hidden folder and then exfiltrate them.
Below is a comment from Marty Edwards, Vice President of Operational Technology Security, Tenable discussing why air-gapped networks are impractical in today's environment.
"There's a misconception that air-gapped systems are 'bullet-proof' given that they are isolated from online networks. In reality, systems that are disconnected from networks or air-gapped still have a large number of access vectors. Organisations need to consider access points such as removable media (sneakernet) or something more sophisticated like radio frequency signals (Tempest) within the operational technology (OT) environment to worry about.
"The interconnected environment we operate in today makes air-gapping systems impractical as business requirements in the form of 'smart services' are driving the need for real-time interaction between the world outside and the OT environment. If perimeter security is a concern – unidirectional devices can be utilised to ensure the appropriate separation of the networks."
