Back
Logo  
november 2024
 

What is Keylogging?

It's a cyber attack in which a malicious agent gains access to a computer and installs software or hardware that records every keystroke the user makes, including confidential information. Once the user's data has been captured, it is sent to the attacker, who can use it for nefarious purposes such as identity theft, fraud, or espionage. Keylogging attacks can be initiated through various methods, including phishing emails, software vulnerabilities, and social engineering tactics.
Intro
 
 
What is a keylogger?

Keyloggers are a form of spyware. Their purpose is to secretly record what the user types on their device, both on physical and virtual keyboards, before passing this data on to an attacker. When you realise that people now use their smartphones, tablets, and computers to manage their finances, shop online, share their innermost thoughts, and much more, it's easy to see how keylogging can be so dangerous. It allows criminals to collect passwords, credit card details, and personal messages, leaving victims vulnerable to reputational damage and fraud.
 
 
Types of keylogging

There are two main types of keyloggers: hardware and software.

  • Software keyloggers: They infiltrate PCs, Macs, Androids, and iPhones via the same routes that other malware uses. One of these is phishing emails. They are designed to trick victims into downloading a file attachment that installs software on the device. Cybercriminals have known for a long time that humans are often the weakest link in the security chain, so they try to manipulate victims into letting their guard down and carrying out unsafe actions using social engineering techniques.
  • Hardware keyloggers: These are much less common, probably because they are slightly more likely to be detected. They are specific devices that need to be physically connected to another device while the owner is away from it and can be disguised as USB devices or USB wall chargers. Although hardware keyloggers are used more rarely, there have been cases of students using them to try to cheat in exams, and a keylogger was used to spy on colleagues at a left-wing German newspaper in 2015.

Sometimes devices can show unusual changes in behaviour without a clear explanation or apparent reason, which can be an indication of suspicious activity, such as the presence of a keylogger or other malicious software. These attacks, which are often discreet, can occur quietly and unnoticed.
 
 
How to protect yourself against keylogging attacks

It's important to keep all your software up to date, including browsers, operating systems, and applications, so that you always have the latest security updates. In addition to the basics, here are some other examples of what you can do to protect yourself:

  • Antivirus - Antivirus software is essential for all types of malware threats, including keylogging. Although there are free versions available, it's worth considering investing in premium solutions, as they tend to have the most comprehensive feature sets.
  • Firewall - As keyloggers send captured data back to the attacker, using a firewall can help block any unauthorised data transfer. It's not something you can rely on, but it's worth using in conjunction with other tools.
  • Physical Interventions - You can prevent physical access to USB and PS/2 ports by using a system enclosure, also known as a security box, which makes the devices tamper-proof and immune to keylogging.
  • Two-factor authentication - Using two-factor authentication (2FA) on all your important accounts ensures that even if an attacker gets hold of one of your passwords, they won't be able to use it in isolation. A typical approach with 2FA would be more or less as follows: when you try to log into an account using your password, a warning appears asking for another code, randomly generated each time, which is sent via SMS to your phone. If attackers can't access your mobile phone, you're effectively blocked.
  • Virtual keyboard - Mobile devices, and now some computers, have touch screens and the option to use a virtual keyboard, so this could prevent keyloggers that only record physical keystrokes. So it could be useful.
  • Checking the browser extension - Some types of keyloggers track your network activity so that they can appear in your browser as an extension. In most popular browsers, it's easy to get a list of your active extensions and check for anything that looks suspicious. If there's something you don't remember installing, remove it, or at least do a web search by name to see if anyone else has had the same problem.
 

Archive

2024

 What is Keylogging?

 October, the Cybersecurity Month

 Can deepfakes influence election results?

 Real-life Case: Ministry of Education recovers 2.5 million euros paid out in computer fraud

 Zero Trust Model

 Real-life Case: Fraud in company due to remote hiring

 The future of passwords

 Generative Artificial Intelligence: Managing Security Risks

 Real-life Case: The City Council of Seville in Spain has suspended all telematic services due to a ransomware attack

 What is Spoofing?

 Authentication in Cyberattack Prevention

2023

 Cybersecurity trends for 2024

 10 Steps for Safe Online Shopping

 October, the Cybersecurity Month

 How to Protect the Privacy of Your Mobile Phone and Tablet

 Social Media, a risk to cybersecurity

 8 tips to protect your information in the Cloud

 10 tips for cybersecurity that parents should know to protect children from online risks

 Prevention starts with creating a password

 Cybersecurity and ChatGPT

 Backups | The Guardian of Data Loss

 Dangers and challenges of AI in cibersecurity. Are you prepared?

 Phishing, Smishing and Vishing | Best Practices

2022

 Online fraud attempts to be on the alert in 2023

 Online shopping security | What we recommend

 Cybersecurity Awareness | 8 habits to have at Home and at Work

 Cybersecurity & Cookies

 Cybersecurity on Holiday and Travel

 Cloud Security

 Ransomware Awareness

 Mobile Security

 Physical Security

 Social Engineering

 PII or Personally Identifiable Information

 Cybersecurity trends for 2022

2021

 Avoid IoT Disasters

 Cybersegurity Quiz

 SOUP-D Tips to protect yourself from cyberattacks

 Multi-Factor Authentication

 Deepfake

 Zero Trust

 Ransomware

 Dangers when using a VPN

 Identity Theft in the Cloud

 Mobile Malware

 Creating Passwords

 Internet of Things

2020

 Identity Theft and Internet Fraud Scams

 Secure Online Shopping

 Think before you click quiz

 Proper use of the Internet

 Spear Phishing

 Security of PC's and other devices

 Vishing

 Backups

 Communication/Video tools

 Cybersecurity when working remotely

 Formjacking

 Ransomware

 Phishing

2019

 Online Shopping

 Passwords

Subscribe our newsletter.


Cookie Consent X

Devoteam Cyber Trust S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.