HomeMalware & ThreatsRAM Signals Expose Air-Gapped Networks to Attacks

RAM Signals Expose Air-Gapped Networks to Attacks

Published on

spot_img

A novel side-channel attack has been discovered by researchers from Ben-Gurion University of the Negev, posing a significant threat to highly secure networks. This new technique, known as the RAMBO (RAM-Based Radio Signals) attack, exploits radio signals emitted by random access memory in air-gapped computers, allowing attackers to exfiltrate sensitive data.

Air-gapped networks, which are physically isolated from the internet and have no wired or wireless communication channels, are commonly used in sensitive environments such as military installations and critical infrastructure. However, leader researcher Mordechai Guri demonstrated in newly published research that even these environments are vulnerable to sophisticated attacks like RAMBO.

The researchers found a way to manipulate the electrical currents flowing through a computer’s memory bus, generating electromagnetic signals that can be intercepted and decoded by attackers. By modulating these emissions to represent binary data, malware inside the air-gapped system can transmit sensitive information such as encryption keys, biometric data, or entire files to a remote receiver outside the network.

The attack is carried out in multiple phases, starting with compromising the air-gapped network through physical means like an infected USB drive or an insider threat. Once malware infects the target machine, it gains access to the memory and generates radio frequency signals by manipulating the RAM’s electrical activity. These signals can then be intercepted by attackers using a software-defined radio receiver and a simple antenna placed within a certain range of the compromised machine.

The key innovation of the RAMBO attack lies in using RAM to produce these covert signals, making it difficult to detect. The researchers were able to transmit data at a rate of up to 1,000 bits per second using on-off keying modulation technique, allowing for the quick exfiltration of sensitive information.

With RAMBO, attackers no longer need to rely on traditional methods like USB drives to extract data from air-gapped networks. As long as the target machine is operational, attackers can siphon off information through the radio signals generated by its RAM. To mitigate the risk posed by the RAMBO attack, potential countermeasures include covering sensitive machines with Faraday shielding, restricting physical access to air-gapped machines, disabling USB ports, and monitoring memory usage for suspicious activity.

While Faraday shielding can be costly and impractical for all environments, organizations are urged to assess their risk and determine the appropriate level of protection. As Guri emphasized, the threat of data exfiltration through RAM emissions is a reality that organizations need to prepare for.

In conclusion, the RAMBO attack presents a significant challenge to air-gapped networks, highlighting the importance of implementing robust security measures to safeguard sensitive data from sophisticated cyber threats. Organizations must stay vigilant and adopt proactive security measures to mitigate the risk of data exfiltration through novel attack vectors like RAMBO.

Source link

Latest articles

Ransomware Attack Leverages PsExec for Lateral Movement and NirSoft Toolkit for Credential Theft

Analysis of the GodDamn Ransomware Incident Recently, a targeted attack attributed to the GodDamn ransomware...

US SEC Considers Crypto Rule Proposal for July

Recent Developments in the Cryptocurrency Landscape In the world of cryptocurrency, significant developments have emerged...

Vibe-Coded Malware Detected in Active Directory Attack

AI-Generated Malware: A New Chapter in Cybercrime In a groundbreaking revelation, a cybersecurity firm has...

UK Cyber Agency Launches AI-Powered Cyber Shield to Combat Machine-Speed Attacks

In a recent development within the cybersecurity landscape, experts are increasingly recognizing the critical...

More like this

Ransomware Attack Leverages PsExec for Lateral Movement and NirSoft Toolkit for Credential Theft

Analysis of the GodDamn Ransomware Incident Recently, a targeted attack attributed to the GodDamn ransomware...

US SEC Considers Crypto Rule Proposal for July

Recent Developments in the Cryptocurrency Landscape In the world of cryptocurrency, significant developments have emerged...

Vibe-Coded Malware Detected in Active Directory Attack

AI-Generated Malware: A New Chapter in Cybercrime In a groundbreaking revelation, a cybersecurity firm has...