Keylogger

Keylogger

• Piece of software or hardware that records every single keystroke that is made on a computer or mobile device
• Potential to cause large-scale damage
• Get direct access to your personal and financial data
  • Leads to potential identity theft, financial fraud, and even corporate espionage

Software vs. hardware based

• Keyloggers can be either software-based or hardware-based

• Software Keyloggers

  • Malicious programs that get installed on a victim's computer
  • Often bundled with other software or delivered through social engineering attacks, like phishing or pretexting attacks
  • Can also evade antivirus detection if they are sophisticated enough
  • Once activated, it can operate silently in the background, capture every keystroke and then transmit it back to the remote server that's controlled by a threat actor.

• Hardware Keyloggers

  • Physical devices that need to be plugged into a computer
  • These will resemble a USB drive or they can be embedded within a keyboard cable itself
  • Harder to deploy on a larger scale, but they can be very effective for use in a more targeted attack, specially since these hardware devices are immune to software-based detection methods, like anti-malware scans.
  • PC actually believes is a legitimate keyboard.

Risk of keyloggers

• Keyloggers present a lot of risk to systems and privacy
  • Victims can have their usernames, passwords, credit card numbers and other sensitive information stolen by these keyloggers.
  • The stakes can be even higher from the corporate perspective, risking
    • Login credentials
    • Contents of Confidential Emails
    • Company's Proprietary Data
    • Company's Strategic Plans
  • Which could result in
    • Financial loss
    • Damage to the Organization's Reputation
    • Legal Repercussions
    • Loss of Competitive Advantage

Protecting agains keyloggers

• To protect your organization from keyloggers, ensure the following

1. Perform regular updates and patches
   • Your organization needs to assure that known vulnerabilities are not being excluded by a keylogger.
2. Rely on quality antivirus and anti-malware solutions
   • Detect and quarantine any keylogger software that may be installed on your system
   • Conduct regular scans
3. Conduct phishing awareness training for your users
   • Be cautions when downloading from untrusted senders
4. Implement multi-factor authentication systems
   • Even if password was captured, the threat actor would be unable to access your account since he needs an additional factor
5. Encrypt keystrokes being sent to your systems
   • Protect your system by implementing keystroke encryption
6. Perform physical checks of your desktops, laptops, and servers
   • Regularly inspect system hardware to detect devices like hardware keyloggers