BrightScan #ThreatIntelThursday | Keylogging ⌨️

Week 22: Keylogging!

This article is part of #ThreatIntelThursday @OpenAVN, an ongoing series that offers readers authoritative, but easily digestible, information about different malware, how they might be vulnerable to attacks, and what they can do to protect themselves. To read past Threat Intel Thursdays articles, click here. (We suggest starting from Week 1: Malware.)

Keylogging: Some Background

Such secure. Much type.

The first known keystroke logging, or keylogging, attack occurred in the former Soviet Union where the Soviet Intelligence agency used keyloggers on IBM typewriters and transmitted the information back to the Soviets via radio transmission. In 2017 Hewlett Packard reported that dozens of laptop touchpads had keyloggers installed by one of their contractors to provide for troubleshooting purposes. HP updated their software to overcome this oversight. Zoho (an Indian software provider) domains was also found to be infected by keylogging tools. Also in 2017, it was discovered that 132 Android applications were infected by keyloggers.

here’s the burning question: would you rather have a keylogger or a cat on your keyboard?

The history of keylogging is extensive, and most of us can’t even begin to fathom the pervasiveness of their effects. Keylogging is a form of spyware, which in turn is a form of malware, that gathers sensitive information from a target computer. Keyloggers record every keystroke entered on the victim’s computer, thereby gathering any sensitive information entered on that keyboard including credentials, financial or other account information. Keyloggers will have a mechanism to send the sensitive information back to the attacker. Keyloggers installed on mobile devices may collect call history and / or audio, messaging information, global positioning system (GPS) information or may capture screen images, or record using the phone’s microphone or camera.

Types of Keyloggers

Keyloggers can be hardware or software. Hardware keyloggers can be embedded in a computer’s hardware or installed as a plug between the keyboard and the system. Hardware Keyloggers can also come in the form of software where the attacker installs a program to record all entered keystrokes.

even typewriters can be infected with keyloggers, as we’ve learned

💡 Did you know? The #1 and #2 consumers of manual typewriters are The Kremlin and the NYPD.

Methods for Attackers to Install Keyloggers

Keyloggers can be installed by using social engineering, phishing or through Trojan horses. Physical keyloggers must be installed through physical access either to the target’s location or as part of the configuration / installation process. Keyloggers may also be used to snoop keystrokes transmitted from wireless keyboards to the system they are communicating.

Legality of Keylogging

Keyloggers are legal in certain cases — for example company’s IT departments may use them for technical troubleshooting or to monitor aberrant employee behavior. In many jurisdictions, employers must notify employees of monitoring activity. (We won’t address the ethics of employer monitoring employee activity here.) Parents may install keyloggers on their children’s computers to monitor unacceptable activity. With appropriate legal limits, law enforcement may legally use keylogging to detect illegal activity. Keyloggers, when installed on the owner’s computer with the owner’s consent, are legal; but keyloggers installed without the owner’s consent or to performs nefarious activities, are illegal.

To defend your system from keyloggingand other digital threats, a lightweight but heavy-duty Endpoint Protection Platform (EPP) is imperative. BrightScan is a cloud-based, blockchain-powered endpoint protection platform that can be customized to fit your needs and is user-friendly enough for the home office and powerful enough to protect large enterprises.

Contact our Head of Sales, Jourdan Parkinson, to schedule a free demo of our cloud-based EPP, BrightScan, or just to chat about how our products can work for you.

For more of the latest in cybersecurity, subscribe to OpenAVN’s blog right here on Medium. In addition to Threat-Intel Thursdays, we also write about breaking news, thought leadership, and deep-dives into cyber intel.

About the Author: Ted Udelson, PMP, CISSP, Security+, Network+, A+ is the chief learning officer and cofounder of Succinctive Training, LLC. Ted is also the author of “The Complete, Compact CISSP Study Program: How to Pass the Damn Exam!” Ted brings his over 35 years of experience in information security and technology to inform his writing for #threatintelthursday.