RAM scraping
(also memory scraping)
RAM scraping definition
RAM scraping is a technique used by cybercriminals to extract sensitive data from a computer’s random access memory (RAM). It involves accessing the temporary storage where sensitive information such as credit card numbers, login credentials, or personal identification data could be stored. By exploiting vulnerabilities in software or using malware, attackers can search for and retrieve valuable information directly from the RAM, bypassing traditional security measures.
RAM scraping is commonly used in Point-of-Sale (POS) attacks. Malware is injected into the system, which monitors the RAM for unencrypted credit card data when it is briefly stored during transactions. Cybercriminals are also known to have targeted online banking platforms to extract login credentials and financial information from the computer’s memory while the user is logged in. This allowed the attackers to gain unauthorized access to the victim’s accounts.
See also: data leakage, firmware
Protection from RAM attacks
- Use reliable security software and keep it up to date. Regularly update the operating system, software, and apps used by everyone on the network.
- Use endpoint protection (memory monitoring, intrusion detection, and behavior analysis) and employ network segmentation to separate critical systems. Make sure to not only monitor system activity but also investigate suspicious behavior.
- Implement strong access controls — advanced password requirements or two-factor authentication.
- Encrypt sensitive data at rest, in transit, and in memory and regularly back up important data.
- Educate your users about cybersecurity best practices.
- Maintain physical security to limit unauthorized access.