Shimming

Last updated on February 12, 2023

What is Shimming and How It Can Impact Your Cyber Security

Shimming is a form of attack that targets a system’s security measures, making it an increasingly sophisticated cyber security threat. It works by creating a shim to buffer between a legacy program and the operating system, allowing attackers to intercept an API and change the arguments passed, redirect the operation or handle the data in some other way. This technique was first used with EMV chip cards as ATM skimming is not effective on these cards. In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip cards. To protect against shimming attacks, organizations should be aware of uncommon techniques that can be leveraged to maintain persistence and used from within user space.

What is Shimming?

Shimming is a type of cyberattack that targets a system’s security measures. It is a form of malicious software designed to bypass security measures and gain access to the system, often used to steal data or gain access to sensitive information. Shimming works by inserting malicious code into a legitimate process or application. When the program is executed, the shim cache is referenced to determine if it requires the use of the shim database (.sdb). If so, this database uses information from eavesdropped network communications which attackers can use to gain administrative privileges.

Shimming attacks are a banking security issue that targets EMV chip cardholders. This paper-sized device contains a microprocessor and flash memory, which stores encrypted data for authentication purposes. To protect against these attacks, merchants must upgrade their terminals with the Application Compatibility Framework (ACF), which holds considerable tactical value on modern computer systems as it was designed specifically for this purpose.

As U.S. merchants shore up physical point-of-sale security by upgrading their terminals with EMV chip cards, attackers are turning their aim towards other areas such as online banking and ecommerce sites where they can exploit vulnerabilities in order to steal personal information.

How Can Shimming Impact Your Cyber Security?

Shimming is a cyberattack technique that allows an attacker to insert malicious code into a legitimate process or application. This technique can have a significant impact on your cyber security, as it can be used to gain access to sensitive information such as passwords, credit card numbers, and other personal data. It can also be used to install malicious software on your system, which can be used to steal data or gain access to other systems.

Carding is another form of cybercrime that can lead to financial fraud. It involves the illegal use of stolen credit or debit cards in order to purchase goods and services without the cardholder’s knowledge or consent. Criminals may use shimming devices in order to obtain this information from unsuspecting victims.

Most people think of a shim as a wedge that holds a door open; however, in the modern era of credit card scams, “shim” refers specifically to an incredibly thin device that thieves attach to ATMs and other payment terminals in order to steal customer information from their cards.

Credit card skimming and shimming are two primary means by which hackers take sensitive data from its initial source and use it for fraudulent purposes. Skimmers are devices placed over existing payment terminals that capture customer data when customers swipe their cards, while shimmers are inserted directly into the terminal itself.

Application shimming is another attack vector, one that relates specifically to the Windows application compatibility framework, which Microsoft created for programs running on different versions of the Windows operating system. Attackers may exploit this feature by inserting malicious code into legitimate processes or applications.

Credential stuffing is yet another way hackers take advantage of vulnerable systems in order to gain access to sensitive information such as usernames and passwords stored within them. By combining credential stuffing with credit card skimming and shimming techniques, attackers have multiple ways at their disposal for stealing valuable data.

How Can You Protect Yourself From Shimming?

The best way to protect yourself from shimming is to ensure that your system is up to date with the latest security patches and that you have a strong password policy in place. Additionally, you should use two-factor authentication whenever possible and be sure to use a secure connection when accessing sensitive information. To further protect yourself, consider using multi-factor authentication, which combines two or more independent credentials such as what the user knows (e.g., a password) and what the user has (e.g., a security token). A second layer of security with two-factor authentication is the best way to protect your accounts from hackers, as usernames and passwords can be stolen or guessed by an attacker, giving them access to your data and IT environment. By enabling multi-factor authentication (MFA), you can add an extra layer of protection for your computer by combining something you have, like a phone or token, with something only you know, like a PIN code or passphrase.

To keep your computer up to date with the latest fixes and updates for your operating system, applications, plugins, etc., it’s important that you regularly check for new updates so they can be installed immediately upon release.

FAQ

What are some common shimming techniques?

Some common shimming techniques include DLL injection, process hollowing, and image hijacking.

What is DLL injection?

DLL injection is a shimming technique that allows an attacker to insert malicious code into a legitimate process. This technique is typically used to gain access to sensitive data or systems.

What is process hollowing?

Process hollowing is a shimming technique that allows an attacker to replace a legitimate process with their own malicious code. This technique is typically used to gain access to sensitive data or systems.

What is image hijacking?

Image hijacking is a shimming technique that allows an attacker to insert malicious code into a legitimate application. This technique is typically used to gain access to sensitive data or systems.

How can I detect shimming activity?

There are a number of signs that may indicate shimming activity. These include the presence of unfamiliar processes or applications, changes to system files, and the execution of code from unusual locations.
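
For application shimming on Windows, installing a custom shim database (.sdb) leaves specific traces that can be checked for. The following is an added example, not code from the original page: it triages a few constructed, simplified event records for those traces. The record fields, the `classify` and `triage` names and the sample paths are assumptions made for illustration.

```python
import ntpath

# Registry keys (lower-cased) under which custom shim databases are registered.
SHIM_KEYS = (
    r"\software\microsoft\windows nt\currentversion\appcompatflags\custom",
    r"\software\microsoft\windows nt\currentversion\appcompatflags\installedsdb",
)
APPPATCH = "c:\\windows\\apppatch\\"  # where Windows keeps shim databases

def classify(event):
    """Return a finding string for a shim-related event, else None."""
    kind = event["type"]
    if kind == "process_create":
        # sdbinst.exe is the Windows tool that installs a .sdb file.
        if ntpath.basename(event["image"]).lower() == "sdbinst.exe":
            return "sdbinst.exe run: " + event["command_line"]
    elif kind == "registry_set":
        if any(key in event["target"].lower() for key in SHIM_KEYS):
            return "shim registration written: " + event["target"]
    elif kind == "file_create" and event["path"].lower().endswith(".sdb"):
        path = event["path"].lower()
        if not path.startswith(APPPATCH):
            return ".sdb written outside AppPatch: " + event["path"]
        if path.startswith(APPPATCH + "custom"):  # Custom and Custom64
            return "custom shim database installed: " + event["path"]
    return None  # includes the stock databases directly under AppPatch

def triage(events):
    """Classify every event and keep only the findings, in order."""
    return [finding for finding in map(classify, events) if finding]

# Constructed sample events; field names are simplified assumptions.
GUID = "{00000000-0000-0000-0000-000000000000}"  # placeholder, not a real id
KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom"
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\sdbinst.exe",
     "command_line": r"sdbinst.exe C:\Users\Public\fix.sdb"},
    {"type": "file_create", "path": r"C:\Users\Public\fix.sdb"},
    {"type": "file_create", "path": "C:\\Windows\\AppPatch\\Custom\\" + GUID + ".sdb"},
    {"type": "registry_set", "target": KEY + "\\example.exe\\" + GUID + ".sdb"},
    {"type": "file_create", "path": r"C:\Windows\AppPatch\sysmain.sdb"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

With real telemetry, the three record types correspond to process-creation, file-creation and registry value-set events (Sysmon event IDs 1, 11 and 13).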

How can I remove shimming malware?

If you suspect that your system has been infected with shimming malware, you should remove it as soon as possible. You can do this by using an antivirus or antimalware program.

What is the difference between shimming and spoofing?

Shimming and spoofing are both techniques that can be used to bypass security controls. However, shimming inserts malicious code into a legitimate process or application, while spoofing impersonates a legitimate process or application.

What is the difference between shimming and code injection?

Shimming and code injection are both techniques that can be used to insert malicious code into a legitimate process or application. However, shimming inserts code into a system library or API, while code injection inserts code into the process or application itself.

What is the difference between shimming and DLL injection?

Shimming and DLL injection are both techniques that can be used to insert malicious code into a legitimate process. However, shimming inserts code into a system library or API, while DLL injection inserts code into the process itself.

What is the difference between shimming and process hollowing?

Shimming and process hollowing are both techniques that can be used to replace a legitimate process with malicious code. However, shimming inserts code into a system library or API, while process hollowing replaces the entire process.

What is the difference between shimming and image hijacking?

Shimming and image hijacking are both techniques that can be used to insert malicious code into a legitimate application. However, shimming inserts code into a system library or API, while image hijacking inserts code into the application itself.
