RAM Malware: A scraping danger for POS systems
5 min read
24 March 2014
At any point and time, your credit card information might fall into the wrong hands. This is a sobering thought, and for good reason. Criminals have found numerous ways to obtain credit card information and other personal data in just a matter of seconds.
Oftentimes, the schemes are discreetly set up so that you don’t know you have been victimised until later on. RAM scraping is just one type of weapon these criminals are using to obtain your valuable information. Recent reports indicate it has come back with a vengeance. Fortunately, there are ways to stop this scraping.
Understanding RAM scraping
Web scraping is when a computer software technique is used to get information from websites. This information can range from stealing information from a website and posting it as one’s own work, to obtaining valuable data such as credit card numbers. Whether it’s on a smaller scale or a much larger one, scraping can do a lot of damage in a very short period of time.
Although the general principle of RAM scraping is the same, it works in a slightly different manner than most types of scraping. Whenever you make a transaction, whether it’s at the grocery store, the shopping mall, a restaurant, or somewhere else, payment systems encrypt the data and store the records to be processed later.
However, there is a weak spot in this process. Although this weakness lasts for milliseconds, it is enough time for RAM scraping to take place. Think of it as having a package or item delivered to you with a lock on it. Despite having the key, you will still need to open the package to see what’s inside. This is the same scenario that happens when your credit card information is decrypted.
During that time, the credit card number is momentarily stored in the system memory of the server that is processing the payment. Once this phase occurs, the data is temporarily unencrypted. This process normally takes milliseconds to complete. As soon as the payment has been verified, the subsequent transaction in the line comes through and the process is repeated, and the credit card numbers from your transaction are overwritten.
The scraping technique may have been around for awhile, but has become known in recent years as it is widely used to compromise payment systems as seen by several high profile incidents in the media recently.
RAM scraping in the media
One recent incident that left many consumers fearful is the Target security breach, which occurred at the end of 2013. During this breach, 40m credit and debit cards were exposed. The company admitted that customers’ PIN data had been obtained, but stressed this information was strongly encrypted throughout the process. In early 2014, US CERT cautioned that there are many examples of sophisticated software scouring RAM in search of valuable credit card information.
It has been reported that the attack against Target, as well as Neiman Marcus, may have involved RAM scrapers. According to these reports, the criminals were able to steal personal data and credit card information from 110m people. Although Target CEO Gregg Steinhafel admitted to investigators that malware was found on the company’s point of sales systems, and that it is likely the attackers used methods other than RAM scraping to commit the crime.
Protecting against RAM scraping
To avoid getting caught up in a mess of stolen credit card data or other important information, adequate protection is vital. One good resource is end point security with malware protection tool. End point security requires every computer device on a network to comply with specific standards before access is granted. Technology, such as iPads, laptops, smart phones, and specialised equipment, are included in end point security systems.
Remember, there are several ways to keep a system protected against RAM scraping. The trick is to find the one that works the best for your situation.
Jacob loves to share his insights on technology. He enjoys writing on topics like web security and technology etc.