A new side-channel attack, dubbed RAMBO, can steal data from air-gapped systems by exploiting electromagnetic emissions from the system’s RAM. Malware on the isolated machine manipulates RAM operations so that the data is encoded in electromagnetic signals, which a nearby receiver can intercept.
Key Developments:
- RAM Manipulation: Attackers plant malware to control memory operations, generating electromagnetic signals.
- Range & Speed: Data can be exfiltrated from up to 7 meters away at up to 1,000 bits per second, fast enough to make stealing encryption keys, passwords, and other critical information practical.
- Cost-Effective: Attackers only need a low-cost Software-Defined Radio (SDR) to intercept the signals.
Why It Matters:
Even air-gapped systems, previously considered highly secure, are vulnerable to this new technique, presenting a significant threat to critical infrastructure sectors.
Action Items:
- Shielding: Implement electromagnetic shielding for air-gapped environments.
- Access Control: Tighten physical security around sensitive systems.
Process-Oriented Cyber OT: A New Defense Strategy
Given the unconventional nature of the RAMBO attack:
- Deep Process-Level Monitoring: Continuous monitoring of production processes can detect the anomalies that unauthorized data transmission introduces; any unexpected change in data behavior can be an indicator of a covert attack.
- Coordinated IT and OT Response: Collaboration between IT and OT teams is essential to identify and respond to electromagnetic anomalies. Swift action is crucial to prevent critical data theft from air-gapped systems.
For more details:
Bleeping Computer: New RAMBO Attack Steals Data Using RAM in Air-Gapped Computers