Published 08 Sep 2024

RAMBO Attack Targets Air-Gapped Systems via RAM

A new side-channel attack, dubbed RAMBO, can steal data from air-gapped systems by exploiting electromagnetic emissions from the system’s RAM. The malware manipulates RAM operations, transmitting data through electromagnetic signals that can be intercepted by nearby devices.

Key Developments:

  • RAM Manipulation: Attackers plant malware to control memory operations, generating electromagnetic signals.
  • Range & Speed: Data can be exfiltrated up to 7 meters away at speeds of 1,000 bits per second, making it feasible for stealing encryption keys, passwords, and other critical information.
  • Cost-Effective: Attackers only need a low-cost Software-Defined Radio (SDR) to intercept the signals.

Why It Matters:

Even air-gapped systems, previously considered highly secure, are vulnerable to this new technique, presenting a significant threat to critical infrastructure sectors.

Action Items:

  • Shielding: Implement electromagnetic shielding for air-gapped environments.
  • Access Control: Tighten physical security around sensitive systems.

Process-Oriented Cyber OT: A New Defense Strategy

Given the unconventional nature of the RAMBO attack:

  • Deep Process-Level Monitoring: Continuous monitoring of production processes can detect anomalies caused by unauthorized data transmission. Any unexpected change in data behavior can indicate a covert attack.
  • Coordinated IT and OT Response: Collaboration between IT and OT teams is essential to identify and respond to electromagnetic anomalies. Swift action is crucial to prevent critical data theft from air-gapped systems.

For more details:

Bleeping Computer: New RAMBO Attack Steals Data Using RAM in Air-Gapped Computers

