Memory Scraping Attack Technique, Greatest Threat for 2011
Security researchers at the SANS Institute said they spotted one most perilous method for cyber attack known as "pervasive memory scraping" that expectedly would be employed during the current year (2011). ComputerWorld published this in news on February 25, 2011.
Said Chief Executive Officer Phil Lieberman of Lieberman Software, according to reports, the SANS Institute had found increasing clues of the said kind of assault technique. That implied that after an end-user of a Windows computer deployed protected software for viewing data, used it for the purpose and subsequently shut it down still that data could linger within the memory of the PC over a span of same period, the CEO explained. Help Net Security published this in news on February 24, 2011.
Actually, to use pervasive memory scraping, it's necessary that attackers acquire administrative rights for effectively gaining access to PII (personally identifiable information) along with other databases of sensitive information stored on a file in an encrypted form, stated Senior Security Consultant Ed Skoudis at InGuardians who's as well an instructor of events that SANS holds. TechWorld published this in news on February 23, 2011.
Explaining the attack technique further, Lieberman stated that despite the protected application detecting trojans or same kind of credential stealing malicious programs followed with blocking those malware, if the application was eventually shut down, a malicious code could still remotely scan the memory of that PC and lift its contents. Help Net Security published this in news on February 24, 2011.
Nevertheless, there's an easy solution for the above problem. Users require having a browser that's secured as well as a functionality of memory sandbox, implying that when the browser will be closed no indication will appear about the presence of the data. Alternatively, they must at the very outset load only secure data onto their PCs.
Says Lieberman, with the SANS Institute expressing worry regarding the security problem in discussion, people should already be alarmed. IT managers require knowing about the problem as well as ways to rectify while making sure that no adverse consequence would arise for their organizations, he adds.
» SPAMfighter News - 07-03-2011