RAM Scrapers used in Credit Card Attacks

The recent series of attacks that stole credit card information from large companies all used a common method, according to an article on Wired.com by Kim Zetter. The attackers gained entry to the companies’ point-of-sale systems and stole the information using a technique called RAM scraping. They were able to stealthily install RAM scrapers on the hardware that scans and processes customers’ credit card information for transactions because they did not need physical access to the machines: RAM scrapers can be installed remotely over the point-of-sale system’s network. This gives RAM scrapers an edge over the skimming software used to steal information from ATMs, which needs to be physically installed on the machines.

RAM scrapers are also highly versatile: features can be added or removed to suit the particular attack. The specific technique used in the recent attacks on Target, Home Depot, and others works by viewing the list of processes running on the system and scouring the RAM for data in the format of credit card numbers. The data is then usually encrypted and stored somewhere on the victim’s network until the attackers can retrieve it remotely at a later time.

Source: http://www.wired.com/2014/09/ram-scrapers-how-they-work/
