Shimming attack
(also API hooking)
Shimming attack definition
A shimming attack, also known as API hooking, refers to a method where a bad actor introduces a small piece of code, or a shim, into a system. The intention is to intercept API calls, modify or monitor data, and potentially execute malicious activities. The shim typically operates at the kernel level, making it difficult to detect.
See also: honeypot, network intrusion protection system, man-in-the-middle attack, anti-phishing service, anti-malware
Shimming attack examples
- Data theft: Shimming attacks can be used to steal sensitive data, such as usernames, passwords, and credit card numbers, by intercepting data transfers between software components.
- Malware insertion: Bad actors can use shimming attacks to insert malware into systems, allowing for further exploitation.
Comparing shimming attacks to other types of attacks
Shimming attacks share similarities with man-in-the-middle (MitM) attacks, where attackers position themselves between two parties to intercept or manipulate data. However, while MitM attacks typically occur in network communications, shimming attacks happen inside the operating system.
Tips for protecting against shimming attacks
- Regularly update and patch software to ensure the latest security measures are in place.
- Utilize reliable security software capable of detecting and defending against shimming attacks.
- Adopt the least privilege principle, limiting the privileges of applications and users to only those absolutely necessary.