Air-gapping is used to protect the most sensitive of networks: voting systems, ICSes running power grids, or SCADA systems operating nuclear centrifuges just to name a few. In the first half of 2020 alone, three malicious frameworks devised to breach air-gapped networks emerged, making a grand total of 17 since Stuxnet in 2010. This prompted us to step back and reanalyze all those frameworks from the vantage point of having discovered and analyzed three of these in the past six years. We put the frameworks in perspective to see what history could teach us in order to improve air-gapped network security and our abilities to detect future attacks.

This exhaustive analysis allowed us to isolate several major similarities in all of them, even those 10 years apart. We pinpoint the specific areas of air-gapped networks constantly leveraged by malware and provide objective advice on how to best prioritize the deployment of resources to increase security.