The Silent Assassin – Keyloggers
A keystroke logger is a devious, unobtrusive spy lurking on your electronic devise, it works quietly and invisibly in the background recording every key struck on a keyboard to gain access to passwords and confidential information. They arrive just like any other malware, come in a multitude of variants and can be difficult to discover. You can be contaminated by simply visiting a website. A browser, app, or out of date operating system can be exploited to covertly contact a remote server authorising malware to be downloaded to your smartphone, tablet, or computer. Keylogging software can take screenshots of your activity, record from your microphone or deploy malicious code only when you’ve accessed online banking. When the cyber-criminal retrieves your log file, he will have access to your most sensitive data such as usernames, passwords, and credit card numbers, etc. Keylogging with spyware is ranked as the highest global malware threat by the NTT Security Threat Intelligence Report.
As employees return to the office post pandemic, many are working under a hybrid workplace policy that includes a predominant number of organisations enabling employees’ remote access to business networks through an RDP connection (Remote Desktop Protocol). A key impact of this policy is that many devices (endpoints) used by employees are unmanaged and are moving ‘into’ and ‘out of’ the network far more often and without protection opening the door for cyber-criminals to walk straight in. And, Mac’s are not immune. Cyber-criminals are out to catch everybody and there are numerous types of keylogging malware that directly target Mac users. Remember this is about capturing key information not infecting or disrupting your activities.
The key strategic action for a business is to ensure that their cybersecurity defence strategy is a multi-layered, swiss cheese approach. This means that you have multiple tools stacked side by side minimizing the chances of the risk. Each tool is layered behind each other so that the weakness in one defence is mitigated by the tool behind it.
What is the defence strategy?
At Computer Troubleshooters we recommend the following key elements for a robust defence strategy:
- Use a firewall – to be effective the keylogger must send data out from your computer via the internet. As the internet passes through a firewall there is a chance it will detect something is not quite right and stop the communication. It may not stop everything, but it is better to have one than not have one.
- Use a password manager – remember keyloggers are effective because they copy and log information. What happens if you do not type in a password? Nothing copied or logged! Use a password manager that auto fills the log-in form. (Note: some password managers use an auto type function enabling the keylogger to copy the virtual keystrokes. Also, a well-designed keylogger will periodically do screen captures).
- Patch management – Up to date system – this means ensuring that the operating system, all associated applications, and programs are updated regularly. This needs to be checked and maintained by your IT service provider. This is essential for any managed services support plan or a security support plan. Without updated software, keyloggers and other malware look for known exploits.
- Installed and maintained Anti-Virus and EDR (Endpoint Detection and Response) software – this is about ensuring you can detect malicious code and protect against known malware. The latest versions of your anti-virus will have the latest technologies to protect against all the latest threats. Computer Troubleshooters only work with the best of class solutions such as Webroot, ESet, Avast, and Bitdefender.
- Data scrambler/Encryption browser – used to protect highly confidential data by encrypting or scrambling the keys being logged by the keylogger. The log file obtained by the cyber-criminal is jumbled, random letters and numbers. This is bringing sophisticated technology form large enterprises down to the small to medium business. Computer Troubleshooters use and recommend Armored Client.
- Policy Enforcement – have a policy framework that includes a password change policy that is monitored and enforced by your IT service provider such as Computer Troubleshooters. The more frequent you update and change passwords the more you minimise the potential of a keystroke log attack.
The above is not a complete defence strategy. Incorporation of other tactical elements such as staff training, testing and data backup and recovery and support are also important.
To learn more:
If this article has raised some questions for you then it is suggested that you either undertake a cyber risk assessment at https://www.cyber.gov.au/acsc/small-and-medium-businesses After completing the assessment download the results and call your nearest Computer Troubleshooter for a review and a more detailed discussion.
Or call your nearest Computer Troubleshooter for a security audit on your existing systems and network.