Keyloggers, or keystroke loggers, are one of the oldest types of malware still in existence today; they were first used by the Soviet Union to spy on US diplomats during the Cold War. To plant this spyware, Soviet intelligence secretly intercepted US IBM Selectric typewriters while they were in transit and installed electromechanical implants on them that recorded every key pressed and transmitted this information back in real time. These keyloggers went undetected for eight years and were only discovered following a tip from a US ally in 1983.
Today, our technologies have advanced beyond typewriters—and keylogging tools have evolved alongside them. Laptops, computers and smartphones are all at risk of keylogging tools, enabling hackers to turn our most commonly used devices into snooping machines. But how much of a threat are keyloggers to organizations?
Well, keyloggers are designed to log every single key pressed on a user’s keyboard as they type, recording the information leaving their fingertips before it even reaches their screen. It’s for this reason that, although they are a type of malware, we can subcategorize keyloggers as “spyware”. Think of a keylogger as an invisible spy living within a user’s device, constantly listening in the background and recording conversations, passwords, and sensitive information. Sounds invasive, right?
What’s surprising is that in certain circumstances they are legal to use and install—whether they’re ethical is a whole other question. But of course, keyloggers are widely and illegally used by cybercriminals looking to secretly record their victims’ sensitive information—and it happens more often than you might think. From July to September 2020, keylogger software was identified in more than 60% of phishing attacks. On top of that, it’s estimated that 80% of keyloggers are undetectable by antivirus software and firewalls.
So, if it takes just one click from one employee to expose your organization to software-based keyloggers alone, how do you protect your organization against these kinds of attacks? The short answer is that prevention is the best defense. In this guide, we’ll outline what keyloggers are, how they work, and how you can defend your organization against them.
The Two Types Of Keyloggers
Variety is the spice of life. But it’s also dangerous. As with all kinds of cyberthreats, keyloggers come in many shapes, sizes, and types. Kaspersky Labs alone have identified more than 300 families of software-based keyloggers. But despite this level of variety, we can split keyloggers into two main categories: hardware and software.
Software keyloggers are far more common, and are more likely to pose a threat to your organization. But that doesn’t mean you should ignore hardware keyloggers when considering your safety measures—after all, it was these that went undetected for eight years on US typewriters.
Software keyloggers are programs that infect victims’ devices via direct installation of malicious software. Most commonly, they hide inside downloads and applications installed by users under the belief that the application or program was trustworthy, or because they were tricked into clicking a malicious link or application.
In fact, the three most common ways for software keyloggers to infect devices are:
- Trojan viruses: the most common method of infecting victims’ devices, trojans trick the user into believing they’re downloading a trustworthy tool or application, but hide malware such as keyloggers within.
- Spear phishing: software keyloggers are often included inside phishing emails, and can be installed as a result of the victim clicking on a malicious link within. But it’s not only emails: victims can also be targeted via SMS, P2P networks, social media, and instant messaging.
- Drive-by download: while visiting infected or malicious sites, keylogging software can automatically be installed on users’ devices in the background, without their knowledge. These can be installed by a web page script exploiting a browser vulnerability.
Hardware keyloggers, on the other hand, are often small devices or physical components that can be installed on or directly connected to victims’ computers. These can easily be embedded within a computer’s internal hardware, fixed as a hardware bug inside the keyboard, or installed inside the wiring between the keyboard and CPU.
While uncommon, hardware keyloggers are particularly dangerous because they can’t be detected by security software. And unless the victim thoroughly and frequently checks their device hardware, they’re likely to go unnoticed.
Unlike their software counterparts, hardware keyloggers can’t be installed remotely. To install a hardware keylogger, the hacker needs physical access to their victim’s device. Organizations are perhaps more vulnerable to this now that many employees are currently working from home, rather than inside secure buildings—but nonetheless, software keyloggers remain a far greater threat.
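The article notes that hardware keyloggers go unnoticed unless someone checks the device hardware. One way to make that check routine, as an added example that is not from the article or any vendor it mentions, is a baseline-and-compare inventory of keyboard, HID and USB hub devices on a Windows endpoint. It assumes Windows 10/11 with the PnpDevice cmdlets and that an inline USB keylogger enumerates as an extra device; a passive tap inside the keyboard or cable will not show up here, so this complements rather than replaces a physical inspection.

```powershell
# Added example (not from the article): baseline-and-compare check for input devices.
# Assumption: an inline USB hardware keylogger enumerates as an extra HID/keyboard or hub
# device. A fully transparent tap inside the keyboard or its wiring will NOT appear here.
param(
    [string]$BaselinePath = "$env:ProgramData\hid-baseline.json",
    [switch]$UpdateBaseline
)

function Get-InputDeviceInventory {
    # Present keyboard-class and HID-class devices, plus USB hubs (inline devices
    # often present themselves as a hub in front of the real keyboard)
    $classes = 'Keyboard', 'HIDClass', 'USB'
    Get-PnpDevice -PresentOnly -Class $classes -ErrorAction SilentlyContinue |
        Where-Object { $_.Class -ne 'USB' -or $_.FriendlyName -match 'Hub' } |
        Select-Object InstanceId, Class, FriendlyName, Status
}

$current = @(Get-InputDeviceInventory)

# First run (or explicit refresh): record what "normal" looks like for this machine
if ($UpdateBaseline -or -not (Test-Path $BaselinePath)) {
    $current | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written: $($current.Count) devices -> $BaselinePath"
    return
}

$baseline = @(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)
$diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property InstanceId

$added   = @($diff | Where-Object SideIndicator -eq '=>')
$removed = @($diff | Where-Object SideIndicator -eq '<=')

# Anything new since the baseline deserves a look: who plugged it in, and when?
foreach ($d in $added) {
    $dev = $current | Where-Object InstanceId -eq $d.InstanceId
    Write-Warning ("NEW input/hub device since baseline: [{0}] {1} ({2})" -f
        $dev.Class, $dev.FriendlyName, $dev.InstanceId)
}
foreach ($d in $removed) {
    Write-Output ("Device in baseline but not present now: {0}" -f $d.InstanceId)
}
if ($added.Count -eq 0) { Write-Output "No new keyboard/HID/hub devices since baseline." }
```

Run it once with `-UpdateBaseline` on a known-clean machine, then schedule the plain run and forward the warnings to whatever collects endpoint logs.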
So, now that we know what keyloggers are and how users can become infected, how do they work?
How Do Keyloggers Work?
A keylogger’s main aim is to hide within the victim’s system, secretly recording their keystrokes and sending this data back to the hacker. Picture it this way: for a user, having their device infected is like someone standing over their shoulder as they type—the person watching has a clear front-row view of every character they press.
To capture keystroke data, the keylogger must sit between the victim’s keyboard and screen, capturing the information while in transit. To go unnoticed, many keyloggers have rootkit functionality, making them almost impossible to detect—but unlike other types of malware, they cause no harm to the victim’s device itself.
The most basic keyloggers might only capture keystrokes entered into a specific website or application, but more advanced keyloggers can record everything typed by the user across their entire device. Information captured can include usernames and passwords, email addresses, financial information, PIN codes, credit card numbers, personal information, and more. This means that victims of keylogger attacks are not only vulnerable to account breaches and hacks, but to identity fraud and leaks of personal information too. Capabilities vary, but some keylogger variants can also capture clipboard contents, GPS data, screenshots, and screen recordings.
To send data back to hackers, software keyloggers can automatically transfer captured keystrokes to a remote server. Hardware keyloggers are trickier, as the hacker may have to physically return to the device to collect the keylogger and download the data from it later. But in some circumstances, hackers might remotely connect to the hardware keylogger via Wi-Fi and download the data that way.
How To Protect Your Organization Against Keylogger Attacks
Keyloggers are a painfully real threat. In 2015, using a phishing email, hackers tricked five employees from the parent company of several large healthcare providers into downloading a Trojan with keylogger software hidden inside. Using these keyloggers, the hackers secretly captured the passwords protecting sensitive data, and managed to steal up to 80 million personal records.
So, how can your employees know if their devices are infected by keyloggers? The bad news is that, without proper awareness and security measures, they likely won’t know until it’s too late. Because keyloggers are designed to stay concealed and cause no damage to the system, victims can be spied on for months, or even years, without knowing. But the good news is that there are steps you can take to block keyloggers from entering your users’ systems and mitigate the damage that they can inflict if they do.
With this type of spyware, we recommend a multi-faceted approach. To help you protect your organization, we’ve put together a list of six key methods that you can adopt—ideally in combination—to mitigate your risk of a keylogger-related attack.
1. Powerful Anti-Keylogger Software
Installing a comprehensive and continuously updated security suite is key to detecting and blocking keyloggers before they enter your users’ systems. Dedicated anti-keylogger software is designed to detect and remove keyloggers known to its database, as well as to encrypt keystrokes and highlight unusual behavior. Anti-keylogger software can be installed on its own, or alternatively, some vendors offer it as part of their antivirus solution.
It’s important to note that this software will be unable to detect hardware keyloggers, which is why it’s vital to implement additional measures alongside it.
2. Strong Firewalls And Web Security
Firewalls monitor network activity and block potentially harmful online content from reaching users’ devices. By installing a firewall at a high-security setting, you can ensure any programs attempting to run on users’ devices will need permission or display a warning beforehand. Web security gateways can also help block access to suspicious webpages and domains in real-time, protecting users against potential online threats. These will help reduce the likelihood of catching keyloggers by drive-by downloads, and grant your users a better view of the programs running on their devices.
3. Virtual Keyboards
A virtual keyboard enables users to type using software rather than by using physical keyboards, and mimics the layout of a hardware keyboard. Virtual keyboards can come in many forms, including on-screen keyboards where users can click the “keys” using their mouse, or even as a projection where users can type in the air or on a flat surface. In this way, users aren’t pressing any physical keys, and so there’s no keystroke information for keyloggers to capture. This is great protection against basic keyloggers, but more advanced varieties might be able to capture screen recordings and screenshots. Additionally, this method is best suited when accessing sensitive or critical data—it’s likely not practical when used as a full-time solution on a laptop or PC.
4. Security Awareness Training
For your employees, knowing what they’re up against is half the battle. Staff awareness of keyloggers, how they can catch them, and how they can defend their devices against them is vital when it comes to preventing keylogger-related attacks. Security awareness training helps educate employees on advanced cyberthreats through engaging modules and phishing simulations—and many vendors offer modules that cover keyloggers and spyware specifically. By implementing security awareness training, you can teach your employees to spot the signs of malware within phishing emails, teach them not to download or click on suspicious content, and warn them against visiting malicious webpages where drive-by malware can be downloaded.
5. Password Managers And Passwordless Authentication
A keylogger can’t record what isn’t typed, so using password managers and passwordless methods of authentication is an ideal way for organizations to protect users’ accounts from breaches. Password managers work by creating, storing, and auto-filling users’ credentials, and can be unlocked using a device’s built-in biometric scanner, for example. Passwordless authentication works by enabling users to log into their accounts using alternative methods of authentication, such as biometric data, authenticator apps, one-time passwords, FIDO2-compliant hardware keys, and more. This way, users never physically enter their credentials, so this information can’t be captured by keyloggers.
6. Multi-Factor Authentication (MFA)
Implementing strong identity and access management solutions helps ensure that even if a hacker manages to capture an employee’s credentials, they still won’t be able to access their accounts. Strong MFA adds additional authentication factors—such as biometric authentication or authenticator apps—to the log-in process, meaning a user’s account is never protected by their credentials alone.
To protect your organization against keyloggers and emerging threats, it’s vital to continuously stay ahead of the curve with your security measures, as well as to implement a multi-layered, multi-faceted approach. Keyloggers are, of course, just one cyberthreat of many facing organizations today. But with the appropriate security measures, you can make them one less threat to worry about.