What is Keystroke Logging?
Keystroke logging – also known as keylogging, spyware, and more – is a hacking tactic that uses malicious software to record keystrokes, allowing the attacker to see every word you type. Keyloggers can be used for legitimate purposes, such as parental control, employee monitoring, or police use, but more often than not they are used by cyber-criminals to steal confidential data.
This tactic is most commonly used to obtain payment card details or account passwords that could grant the attacker direct financial gain – however, smaller details such as the user’s email, address, frequently visited websites, and messages to close friends could all be used for a convincing impersonation or heavily targeted phishing attack.
How is it delivered?
Like most malicious software, keyloggers are most commonly delivered through a social engineering email: the malware is hidden within attachments or behind links to fraudulent websites, ready to be installed as soon as it’s clicked. During installation and active use, keystroke loggers are incredibly hard to detect, even for most traditional security software. The only notable signs are slower web performance and delayed mouse movements or typing on screen, but keyloggers can still be present without these problems occurring.
In 2016 security researchers detected a group of attacks focusing on companies from 18 different countries that all used the same commercial keystroke logger – Olympic Vision. These attackers approached the companies through email pretending to be business partners sending over invoices. Once the keyloggers were installed, the attack campaign focused its efforts on Business Email Compromise – gaining the log-in credentials for a business executive’s email account so that it can be hijacked and used to manipulate other employees within the company.
As keyloggers are hard to detect once installed, the best approach to avoid falling victim yourself is to implement the following best practices and make them a habit in your day-to-day:
- Be cautious of attachments & hyperlinks
Even with trusted sources, make sure you double-check email addresses, hover over hyperlinks, or even call the person/company you believe to be emailing you.
- Use secure passwords
Not only should passwords be long and complex – the usual recommendation is over 8 characters, made up of upper & lower case letters as well as numbers and symbols – but they should also be unique for each account.
- Implement two-person authentication
Two-person authentication, or the two-man rule, means splitting log-in credentials for confidential accounts across two people. This could mean giving one the account ID and one the password, or simply requiring the input of two separate passwords.
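The "two separate passwords" variant described above can be sketched as follows. This is an added example, not code from the original article; the custodian names, the sample passwords, the class name and the choice of PBKDF2 with this work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def _hash(secret: str, salt: bytes) -> bytes:
    """Derive a salted hash so the stored record never holds the password itself."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


class DualControlAccount:
    """Hypothetical account that unlocks only when two different
    custodians each supply their own, separately stored password."""

    def __init__(self, halves: dict[str, str]):
        if len(halves) != 2:
            raise ValueError("exactly two custodians are required")
        if len(set(halves.values())) != 2:
            # A shared password would put both halves in one person's hands.
            raise ValueError("custodians must not share a password")
        self._records = {}
        for custodian, secret in halves.items():
            salt = os.urandom(16)
            self._records[custodian] = (salt, _hash(secret, salt))

    def verify(self, submitted: dict[str, str]) -> bool:
        # Both enrolled custodians must be present, and nobody else.
        ok = set(submitted) == set(self._records)
        # Check every half, even after a failure, and compare in constant
        # time, so a rejection does not reveal which half was wrong.
        for custodian, (salt, expected) in self._records.items():
            candidate = _hash(submitted.get(custodian, ""), salt)
            ok &= hmac.compare_digest(candidate, expected)
        return ok


if __name__ == "__main__":
    # Constructed sample data: two custodians, each typing on their own machine.
    account = DualControlAccount({"alice": "Tr4il-Mix!92", "bob": "c0balt&Heron7"})
    print(account.verify({"alice": "Tr4il-Mix!92", "bob": "c0balt&Heron7"}))
    # A keylogger on alice's machine yields only her half:
    print(account.verify({"alice": "Tr4il-Mix!92", "bob": "Tr4il-Mix!92"}))
```

The second call models a keylogger that captured one custodian's typing: the attacker holds one valid password, but the account stays locked because the other half was never typed on the compromised machine.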