Keylogger

Keylogger 

Keyloggers are a type of monitoring software designed to record keystrokes made by a user. One of the oldest forms of cyber threat, these keystroke loggers record the information you type into a website or application and send it back to a third party. (Dan Swinhoe, DEC 11, 2018 3:34)

Criminals use keyloggers to steal personal or financial information such as banking details, which they can then sell or use for profit. However, they also have legitimate uses within businesses to troubleshoot, improve user experience, or monitor employees. Law enforcement and intelligence agencies also use keylogging for surveillance purposes.

How do keyloggers work

According to Tom Bain, vice president of security strategy at Morphisec, Keyloggers collect information and send it back to a third party – whether that is a criminal, law enforcement, or IT department. “Keyloggers are software programs that leverage algorithms that monitor keyboard strokes through pattern recognition and other techniques.

The amount of information collected by keylogger software can vary. The most basic forms may only collect the information typed into a single website or application. More sophisticated ones may record everything you type no matter the application, including information you copy and paste. Some variants of keyloggers – especially those targeting mobile devices – go further and record information such as calls (both call history and the audio), information from messaging applications, GPS location, screengrabs, and even microphone and camera capture.

Keyloggers can hardware- or software-based. Hardware-based ones can simply nestle between the keyboard connector and the computer’s port. Software-based ones can be whole applications or tools knowingly used or downloaded, or malware unknowingly infecting a device.

Data captured by keyloggers can be sent back to attackers via email or uploading log data to predefined websites, databases, or FTP servers. If the keylogger comes bundled within a large attack, actors might simply remotely log into a machine to download keystroke data.

How hackers use keyloggers

The first keyloggers were used by the Soviet Union in the 1970s to monitor IBM electric typewriters used at embassies based in Moscow. They would record what was typed and send the information back to Soviet intelligence via radio signals. Today spyware such as keystroke loggers is a common part of the cyber-criminal toolset to capture financial information such as banking and credit card details, personal information such as emails and passwords or names and addresses, or sensitive business information around processes or intellectual property. They may sell that information or use it as part of a larger attack depending on what was gathered and their motives.

These programs can be used to steal information like passwords, PII(personally identifiable information), and other critical information related to individuals and organizations. For example, if a keylogger can monitor the keystrokes of a database super admin within a large organization, they can gain access to things like laptops and servers that can ultimately expose large volumes of data they can monetize.

Keyloggers in the workplace

There is also a large but ethically questionable market for spyware — legal keylogging apps being used by people to spy on their family, friends, or partners. This is legal if the one downloading the spyware owns the device or the user knows, but this can often stray into stalking territory. Legal spyware apps that collect information on workers can be lax on security. For example, spyware provider mSpy has suffered at least two data breaches.

Sometimes called corporate keylogging, such monitoring software can use in testing, debugging, and user experience. “In an above-board corporate environment, keyloggers are also used to track the activity of users for IT security and regulatory compliance,” says Simon Sharp, international vice president at Observe IT. Keylogger records can be used to help administrators investigate system failures and establish the context around why a breach occurred; an administrator can instantly establish who entered a particular word or value associated with the incident under investigation and thereby understand who violated a policy, when and why.

IT can use keystroke data to help identify and fix user issues, assist with security and compliance efforts, and possibly provide additional forensic information in the wake of a security incident. They can also be used to flag potential insider threats, monitor employee productivity, or ensure corporate IT assets are only being used for work purposes.

Windows 10 comes pre-loaded with its type of keylogger for telemetry purposes. Grammarly – a popular spelling and grammar tool – has been described as “a keylogger with useful features” due to the fact it records what the user types while it is activated.

It is important, however, to remember that you must notify employees if they are being monitored in such away. Failure to do so could break laws around employee privacy. Any collected keylogger data should be encrypted.

How keyloggers infect devices

Keyloggers can be placed on machines in many different ways. Physical loggers require a person to be physically present to be placed on a machine, meaning such attacks are harder (but not impossible) to achieve, and more likely to come from an insider threat. Wireless keyboards can also be snooped on remotely. Software-based keyloggers are far more common and have multiple routes for entry. Infected domains are a common attack method

Malware-infected apps are also an issue. Google recently removed 145 apps from the Play Store that contained keylogging malware. As with many types of malware, loggers are often included in phishing emails containing malicious links. A new version of the HawkEye keylogger, for example, was spread via a spam email campaign bearing infected Word documents. Some variants, such as Fauxspersky, can spread through infected USB drives.

The biggest change in keyloggers has been the addition of evasive techniques that allow keylogging to slip past other detection mechanisms, such as antivirus,” says Bain. There are multiple ways that attackers are loading keylogging techniques into adware, which are commonly not whitelisted. When this happens, the adware is allowed to run or isn’t flagged, and subsequently not investigated because it’s meeting the detection criteria for many detection engines. Keyloggers often come bundled with other malware as part of a wider attack. Many keyloggers now come with ransomware, cryptocurrency mining, or botnet code attached that can be activated at the attacker’s discretion.

Ways of detecting and removing keyloggers

1. Monitor resource allocation, processes, and data

Observing resource allocation and background process on machines, as well as data being transmitted from the device outside the organization, can help identify if a keylogger is present. Keyloggers usually need root access to the machine, which can also be a telltale sign of a keylogger infection.

2. Keep antivirus and anti-rootkit protection up to date

According to Jeff Wichman, practice director for Optiv Security, As keyloggers often come bundled with other forms of malware, discovering keylogger malware might be an indicator of a wider attack or infection. Up-to-date antivirus protection and anti-rootkit protectors will remove known keylogger malware, but may warrant further investigation to determine whether the keylogger was just one component of a larger attack.

3. Use anti-keylogger software

Dedicated anti-logger software is designed to encrypt keystrokes as well as scan for and remove known loggers and flag unusual keylogging-like behavior on the machine. Blocking root access for unauthorized applications and blacklisting known spyware apps will also help.

4. Consider virtual on-screen keyboards

Virtual onscreen keyboards reduce the chance of being key logged as they input information in a different way to physical keyboards. This might impact user productivity, isn’t foolproof against all kinds of keystroke monitoring software, and doesn’t eliminate the cause of the problem.

5. Disable self-running files on external devices

Disabling self-running files on externally connected devices such as USBs and restricting the copying of files to and from external to computers may also reduce the possibility of infection.

6. Have a strong password policy

While checking task managers for unknown or suspicious installations, and recognizing odd occurrences such as keys pausing or not displaying on screen when typing can help individuals detect keyloggers in certain cases, the best way for organizations to stay safe is to ensure that their password policy is multi-faceted and that two-factor authentication is implemented across company accounts and devices. It’s important to never assume that the average antivirus technology is enough.


Comments

Post a Comment

Popular posts from this blog

Bloom Taxonomy Wheel

A table with showing ICT Skill, description of ICT skill, action verbs from Bloom’s Taxonomy that I can use to develop the skill and the App or Apps chosen from the Bloom Taxonomy Wheel.    Number Name of ICT Skill Description of Skill Action Verbs  Apps or Apps to develop my skill 1 Posting Skill to be able to publish a message  Post, Survey, Assess  Google Plus, Skype, Facebook, Twitter, Blogger   2 Bookmarking  Skill to record the address of a website, file. to enable quick access in future.  Locate, identify  Facebook, Twitter, Diigo, Day one   3 Uploading Uploading is the process of putting web pages, images and files onto a web server.  Share, Apply   Google docs, Facebook, Instagram, Twitter, Flickr, LinkedIn   4 Tagging  The action of attaching a label to someone or something. See, follow  Facebook, Instagram, twitter   5 Twittering  Skill to make a post on the social media application Twitter Follow  Twitter  6 Searching  A skill of finding a given value position in a list
Read more

The Community of Inquiry

Image
The Community of Inquiry   The Community of Inquiry (COI) model describes how learning takes place for a group of individual learners through the educational experience that occurs at the intersection of social, cognitive, and teaching presence. Social Presence   Social Presence Is the ability of students to identify their characteristics into the community of inquiry, communicate purposefully in a trusting environment, and develop interpersonal relationships by presenting themselves as real people. Instructional media such as computer conferencing engender high levels of a student to student and student to teacher interaction, they can support models of teaching and learning that are highly interactive and consonant with the communicative ideals of secondary or university education.  I have used Social Presence in online learning by meeting the minimum activity or assignment requirements. I can bring what I have to share with the class from their own experience in Telegram and Fa
Read more