Today, we’ll be discussing one of the sneakiest and most common types of malware out there: Keyloggers.
In the following article, you’ll learn everything you’ll need to know about this type of spyware:
- What they are
- The risks they pose
- How to detect them
- Why malware detection tools are powerless against them
- What to do if your business gets infected
What are Keyloggers?
Keyloggers, as the name suggests, are a type of malware that logs each keystroke you enter on your computer. This data is uploaded to a server for scammers to view, copy, or distribute as they see fit. While not exactly a type of social engineering, it often results in the same type of data loss:
- Login credentials
- Credit card information
- Banking details
They can even track which programs are used and which internet sites are visited. In other words, just about everything we do online. You name it, they have it.
In 2016, companies across 18 countries, spanning the U.S., the Middle East, and Asia, were targeted with keylogger attacks delivered via malware embedded in an email. While this particular attack was unsophisticated compared to others out there, it’s just one example of how fraudsters are targeting business users with new forms of cybercrime.
And these threats don’t always come from malware; keyloggers can even come pre-installed on devices. In November 2017, 460 models of HP laptops were found to have dormant keyloggers in their registries—harmless on the surface, but easy targets for hackers to activate.
And if you’re a medical office that deals in HIPAA-protected patient information, this data theft can extend to just about every active patient you look up in your system.
The Dangers of Keyloggers
For medical offices, a keylogger breach is a true disaster. Whether the scammers receive data on individual patients or login credentials that let them access your entire patient portal, the patient privacy breach can lead to financial losses and legal penalties that may be too much for smaller offices to bear.
However, it’s important to note that unlike more malicious types of malware, the keylogger software itself really isn’t a bad thing. Keystroke monitoring is a common tool used in business IT monitoring, research settings, and for law enforcement purposes.
But thanks to the massive number of social engineering keylogger programs available these days, it’s becoming a common (and easy) way for us to spy on each other. This applies to individual users as well as users set on damaging a business.
Keyloggers are installed on our systems through the same channels as other types of malware:
- Infected website code
- Attachments from untrusted emails
- Piggybacking on a download (software, programs, or media files)
It’s also possible to install keyloggers through physical devices, often plugged into the USB port. This can be considered a type of social engineering, and is difficult to guard against with traditional cybersecurity practices.
Naturally, none of us can afford to have our every keystroke, every program, and every activity made public. Given that keyboards are our primary input device for most software, a device that tracks every keystroke can give scammers everything they need to gain unrestricted access to our systems.
How Will I Know If I’m Infected?
One of the worst things about keyloggers (aside from everything above!) is that they’re notoriously difficult to detect. They’re usually installed secretly in the background, and many ordinary antivirus programs and malware scanners can’t detect them.
If you suspect that your system is infected with a keylogger, you may need a specific software program capable of detecting these types of spyware. These are known as “rootkit malware” scanners or “anti-rootkit” tools.
These programs have advanced scanning features that can detect keyloggers at multiple layers in the software stack. And while most individuals may not need this level of security, they’re absolutely crucial for business users who need to stay on top of their office’s IT security.
Keylogger Warning Signs
There’s no concrete way to tell if a keylogger is on your system aside from this type of in-depth scanning, but there are a few red flags you can watch for:
- Watch for strange input activity, such as an unresponsive mouse
- Note delays between typing on your keyboard and when the keystrokes appear on the screen
- Check for unknown devices attached to your computer or inserted into its ports
The last one is key for business users. Even if your company has great cybersecurity, a physical device inserted into the computer can easily sidestep these protections.
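One way to automate the "check for unknown devices" step on a Linux workstation, shown here as an added example that is not part of the original article: it compares an `lsusb` listing saved when the machine was known-good against a current one. Both listings are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: `lsusb` output saved when the workstation was known-good.
BASELINE = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 046d:c31c Logitech, Inc. Keyboard K120
Bus 001 Device 003: ID 046d:c077 Logitech, Inc. Mouse
"""

# Constructed sample: `lsusb` output taken during today's inspection.
CURRENT = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 005: ID 1a40:0101 Terminus Technology Inc. Hub
Bus 001 Device 006: ID 046d:c31c Logitech, Inc. Keyboard K120
Bus 001 Device 007: ID 046d:c31c Logitech, Inc. Keyboard K120
Bus 001 Device 003: ID 046d:c077 Logitech, Inc. Mouse
"""

LINE = re.compile(r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$")

def parse_lsusb(text):
    """Return a Counter of (vendor_id, product_id) -> count, plus id -> name."""
    counts, names = Counter(), {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        key = (m.group(3), m.group(4))
        counts[key] += 1
        names[key] = m.group(5) or "(no description)"
    return counts, names

def unexpected_devices(baseline_text, current_text):
    """List devices that are new, or present more times than in the baseline."""
    base, _ = parse_lsusb(baseline_text)
    now, names = parse_lsusb(current_text)
    findings = []
    for key, count in sorted(now.items()):
        extra = count - base.get(key, 0)
        if extra > 0:
            reason = "not in baseline" if key not in base else "extra instance"
            findings.append((f"{key[0]}:{key[1]}", names[key], extra, reason))
    return findings

if __name__ == "__main__":
    for dev_id, name, extra, reason in unexpected_devices(BASELINE, CURRENT):
        print(f"REVIEW {dev_id} x{extra} {name} ({reason})")
```

A device that does not announce itself on the USB bus will not appear in either listing, so this supplements the physical check rather than replacing it.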
Awareness Is the First Step
It’s important for all businesses—particularly those handling sensitive customer or patient data—to periodically check their computers for suspicious devices or unusual activity. If a keylogger is suspected, stop all activity on the device immediately and contact your company’s IT department.
Keyloggers are easy enough to remove once they’re identified, but they’re tricky to detect. Companies need to stay aware and stay active in their fight against malware and other types of social engineering.
Regularly inspect each computer for unknown devices, keep your office staff up-to-date on proper cybersecurity procedures, and make sure your software is updated on schedule.