Definition
RAM scraping is a method cybercriminals use to access sensitive information from a computer’s random access memory (RAM).
They can exploit software vulnerabilities or use malware to search for and extract valuable data directly from RAM, evading traditional security measures.
It is common in point-of-sale (POS) attacks, where attackers inject malware into the system to steal unencrypted credit card data that is stored briefly in memory during transactions.
RAM Scraping Examples
- 2013 Target data breach: Attackers used the BlackPOS malware to infiltrate Target’s point-of-sale (POS) system, leading to the theft of personal data from over 40 million customers.
- 2014 Home Depot breach: Cybercriminals used the BlackPOS malware to compromise the company’s POS system, exposing the personal information of over 56 million customers.
Preventing RAM Attacks
- Install reliable security software and keep it up-to-date.
- Update your operating system, software, and apps regularly.
- Employ robust access controls, such as two-factor authentication and advanced password requirements.
- Use endpoint protection (intrusion detection, memory monitoring, and behavior analysis) and configure network segmentation to separate critical systems.
- Encrypt valuable data at rest, in transit, and in memory, and back it up regularly.
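As an added example (not part of the original page), the C sketch below shows one way to shorten the time cleartext card data spends in RAM, the window that RAM scraping depends on: a hypothetical `mask_pan_and_wipe` step keeps only a masked card number and zeroes every cleartext copy. The function names, the assumed minimum card-number length, and the Track 2 sample are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAN_MIN 13  /* assumed minimum card-number length for this sketch */
#define PAN_MAX 19

/* Zero a buffer through a volatile pointer so the compiler cannot drop
   the writes as dead stores, as it may with a plain memset before return. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Returns 1 if all n bytes are zero, 0 otherwise. */
int is_wiped(const void *p, size_t n) {
    const unsigned char *b = (const unsigned char *)p;
    for (size_t i = 0; i < n; i++) if (b[i]) return 0;
    return 1;
}

/* Hypothetical POS step: read the card number from Track 2 data
   (";<digits>=..."), write only a masked form (first 6, last 4) to
   `masked`, then wipe every cleartext copy. Returns 0 on success, -1 if
   the input is malformed; the buffers are wiped in both cases. */
int mask_pan_and_wipe(char *track, size_t track_len, char *masked, size_t masked_len) {
    char pan[PAN_MAX + 1] = {0};
    size_t n = 0;
    int rc = -1;
    if (track_len > 1 && track[0] == ';') {
        for (; n < PAN_MAX && 1 + n < track_len
               && track[1 + n] >= '0' && track[1 + n] <= '9'; n++)
            pan[n] = track[1 + n];
        if (n >= PAN_MIN && 1 + n < track_len && track[1 + n] == '=' && masked_len > n) {
            for (size_t i = 0; i < n; i++)
                masked[i] = (i < 6 || i >= n - 4) ? pan[i] : '*';
            masked[n] = '\0';
            rc = 0;
        }
    }
    secure_wipe(pan, sizeof pan);   /* local working copy */
    secure_wipe(track, track_len);  /* caller's copy of the raw track data */
    return rc;
}

int main(void) {
    char track[] = ";4111111111111111=30121010000000000000?"; /* constructed test data */
    char masked[PAN_MAX + 1] = "";
    int rc = mask_pan_and_wipe(track, sizeof track, masked, sizeof masked);
    printf("rc=%d masked=%s wiped=%d\n", rc, masked, is_wiped(track, sizeof track));
    return 0;
}
```

Wiping narrows the window in which cleartext sits in RAM but does not remove it, so it complements the encryption, segmentation, and memory-monitoring controls listed above.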