You may have heard about Target's data breach that compromised the information of millions of customers, but have you heard about the culprit for the breaches? Learn more about RAM scraping here. The recent data breach at Target and Neiman Marcus is the worst data loss of its kind in retail history. Target alone may have lost data of over 110 million customers, which has not only affected its revenues, but impaired its relationship with customers. The culprit for the breaches: RAM scraping. This leads to an obvious question for retailers afraid of suffering a similar disaster: what is RAM scraping and how vulnerable am I? This guide will answer these questions, and more.
What is RAM Scraping?
Before we proceed, let's try to wrap our heads around the idea of RAM scraping. RAM -- for those who don't speak geek -- stands for 'Random Access Memory'. It is a type of computer storage that holds small amounts of information for short periods of time. Since RAM stores data 'randomly' (i.e. without any specific order), it is significantly faster than other forms of data storage. Every computing device has RAM. Because of its speed, RAM is typically used to hold files temporarily before the computer processes them. For example, when you run iTunes on your laptop, the computer first copies the files from the hard disk into RAM, where the processor can reach them. Reading data out of RAM and stealing it is called RAM scraping.
How RAM Scraping Works
Computers that store your financial data usually keep it encrypted, and credit card processors are encrypted as well. The RAM that holds financial data while it passes from the credit card processor to the computer, however, is insecure. This is because the computer needs to decrypt the data in RAM before it can be processed. That is exactly when RAM scrapers strike: they search the memory for 16-digit number combinations and store them in a separate file.
How Vulnerable Are You to RAM Scraping?
It may have made all the headlines recently, but RAM scraping has actually been around at least since 2009. Sophos, which makes security software, warned about the phenomenon as early as December 2009. RAM scrapers didn't make an appearance in the wild until late 2011, when Sophos detected them in a number of hotel and university POS systems. The malware in question was classified under the Trackr family name - the same malware family that affected the Target POS systems. Since its appearance in 2011, this malware family has turned up repeatedly, particularly in the POS systems of hotels, retail stores, food services and healthcare services. A majority of incidents, 56 percent, happen in the US. This is followed by Germany, at 16 percent, Canada, at 9 percent, and the United Kingdom, at 8 percent.
How Can I Protect Myself Against RAM Scraping?
Unfortunately, the very nature of RAM scraping malware makes it very difficult to protect against. All data that goes into RAM must be decrypted before it can be processed. Any malware that resides in RAM therefore gets complete access to your decrypted data. The only foreseeable way to stay safe from RAM scrapers - for now at least - is to erect watertight defenses around all points of infiltration. This means every possible infiltration point in the entire IT infrastructure chain must be kept secure - including servers, computers, and point-of-sale systems. Protecting servers and computers is easy since these are usually closely monitored. POS systems, however, are much more vulnerable. The Target malware, in fact, reached the data through the POS. The best way to protect your POS systems (and associated computers, servers, etc.) is through robust preventive measures. Some of the tactics you can adopt are:
- Monitoring disk activity for any suspicious file creation
- Using a robust firewall and antivirus
- Maintaining detailed logs of all user activity to pinpoint anomalies
- If possible, denying admin-level credentials on your POS systems
The truth is that RAM scraping is a new breed of malware. Most retailers are not equipped to deal with it, especially if the attack comes from within. Employing robust preventive measures is the best solution.
Photo Credit: Damian Gadal via Flickr.
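Two of the tactics above, monitoring file creation and logging user activity to spot anomalies, can be turned into a concrete detection rule. The Python below is an added example, not code from the article: it parses constructed file-creation audit events from a POS lane (the log format, hostnames, process names, account names and directory allowlist are all assumptions) and raises an alert when a process outside the allowlist writes a file, when the POS application writes outside its own directories, or when an administrative account is active on a lane at all.

```python
import re
from dataclasses import dataclass

# Constructed sample of file-creation audit events from a POS host. The format
# (timestamp host key=value ...) is an assumption for this example, not any
# real product's log format. Process and file names are placeholders.
SAMPLE_LOG = """\
2014-01-15T13:02:11Z pos-lane-07 user=posapp proc=pos.exe event=FILE_CREATE path=C:\\POS\\logs\\tx-20140115.log
2014-01-15T13:02:14Z pos-lane-07 user=posapp proc=pos.exe event=FILE_CREATE path=C:\\POS\\spool\\receipt-8812.prn
2014-01-15T13:05:40Z pos-lane-07 user=SYSTEM proc=svchost.exe event=FILE_CREATE path=C:\\Windows\\Temp\\upd-1a2b.tmp
2014-01-15T13:06:02Z pos-lane-07 user=posadmin proc=hlpsvc.exe event=FILE_CREATE path=C:\\Windows\\System32\\hlpsvc.dll
2014-01-15T13:06:03Z pos-lane-07 user=posadmin proc=hlpsvc.exe event=FILE_CREATE path=C:\\Windows\\Temp\\dump.txt
2014-01-15T13:06:05Z pos-lane-07 user=posapp proc=pos.exe event=FILE_CREATE path=C:\\Users\\Public\\out.dat
malformed line that should be skipped
"""

EVENT_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<rest>.+)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Which directories each known process is expected to create files in
# (assumed policy for this example; compare lower-cased paths).
ALLOWED_WRITES = {
    "pos.exe": ("c:\\pos\\logs\\", "c:\\pos\\spool\\"),
    "svchost.exe": ("c:\\windows\\temp\\",),
}
# Interactive admin accounts that should never be active on a lane.
ADMIN_USERS = {"posadmin", "administrator"}


@dataclass
class Event:
    ts: str
    host: str
    user: str
    proc: str
    event: str
    path: str


def parse_line(line: str):
    """Parse one audit line; return None for lines that do not fit the format."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    kv = dict(KV_RE.findall(m.group("rest")))
    if any(k not in kv for k in ("user", "proc", "event", "path")):
        return None
    return Event(m.group("ts"), m.group("host"),
                 kv["user"], kv["proc"], kv["event"], kv["path"])


def evaluate(ev: Event) -> list[str]:
    """Return the reasons (possibly several) an event deserves an alert."""
    reasons = []
    if ev.event != "FILE_CREATE":
        return reasons
    proc, path = ev.proc.lower(), ev.path.lower()
    if proc not in ALLOWED_WRITES:
        reasons.append(f"unlisted process {ev.proc} created {ev.path}")
    elif not path.startswith(ALLOWED_WRITES[proc]):
        reasons.append(f"{ev.proc} wrote outside its allowed directories: {ev.path}")
    if ev.user.lower() in ADMIN_USERS:
        reasons.append(f"admin account {ev.user} active on lane {ev.host}")
    return reasons


def scan_log(text: str) -> list[tuple[str, str]]:
    """Run every parsable event through the rules; return (timestamp, reason) pairs."""
    alerts = []
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        for reason in evaluate(ev):
            alerts.append((ev.ts, reason))
    return alerts


if __name__ == "__main__":
    for ts, reason in scan_log(SAMPLE_LOG):
        print(ts, reason)
```

The value of the allowlist is that a POS lane has a very small, predictable set of processes and write locations, so anything else is worth a look; the admin-account rule follows directly from the advice to keep admin credentials off the POS, since on such a system any admin activity is itself the anomaly.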