In the hacking world, all malicious tools have their respective heyday. This is when they make media headlines and fill the underground forum with news of their notoriety. While this may seem like a fun competition among its creators, it keeps security professionals on their toes.
These computer worms and viruses each had their time in the limelight. For example, remote-access Trojan viruses once reigned over the field. This type of virus allowed hackers to open and keep a secret backdoor to access infected systems. After the Trojan virus, another virus making waves is the point-of-sale RAM scraper.
What Is a RAM Scraper?
If you’re wondering what a RAM scraper is, it’s short for random access memory (RAM) scraper. This is a virus that hackers surreptitiously install on the point-of-sale (POS) systems that scan and process credit and debit card transactions. With this tool, it’s easy to steal other people’s card numbers. VISA first warned the public about this scheme in 2008. Since then, hackers have improved it and made it even more efficient and sophisticated in stealing card caches.
In 2013, hackers used this tool to steal customer magstripe data by breaching Target’s POS. According to Target, the thieves took 40 million customer names and their respective debit and credit card numbers. Though Target didn’t mention whether the hackers also took the PINs, it was clear that these hackers were planning to make counterfeit cards.
What Are the Different RAM Scraping Schemes?
Hackers sell RAM scrapers in the underground market. There are more than a dozen of these scrapers, and they all work in the same manner. These tools differ only in the technique they use to infect the POS system. The challenge for the hacker here is to develop a solid strategy to penetrate their target’s POS system. These tried-and-tested schemes include vulnerability exploitation, lateral movement, and social engineering.
Here are some typical RAM scraping schemes documented by experts and victim organizations:
Social Engineering and Phishing of Payment Networks
In some cases, hackers infect the system with a phishing attack, convincing merchants to visit a website or click on a sketchy file. In these files, hackers discreetly place malware. Social engineering and phishing attacks are effective methods to infiltrate computer systems with malware. Instead of sending these POS RAM scrapers to prospective victims through spam, hackers disguise the malware and send it to pre-chosen targets through social engineering lures and phishing emails.
The targets receive an email that includes attachments and uses enticing text in the message body to lure readers into opening or downloading the attachment. In other cases, the email contains social engineering lures and malicious URLs to entice the recipient to click the links.
The moment the attackers access the business network or PC, they may work their way up to the victim’s payment network, finding administrator credentials to access the coveted network.
Inside Jobs Hacking POS
This is the most challenging attack to guard against, since it’s the company’s most trusted people who could exploit their privileges to carry out a vicious attack. A department store employee, for instance, can secretly insert a USB drive with a RAM scraper into the main credit and debit card-processing device.
This will most likely happen when disgruntled or angry employees try to seek revenge against their employers. This is also likely to occur when you have unscrupulous employees looking for quick cash. There are also cases wherein hackers pay willing employees to insert infected USB devices into servers or systems with sensitive data.