Keyloggers: Be careful what you type

June 23, 2020
Are you one of those people who covers the keypad with their hand when they enter their PIN into an ATM? And when entering it into the supermarket’s card terminal? This basic (but effective) security measure does not require much effort and is increasingly common among users, who understand the need to take precautions to protect their banking transactions. Hiding your PIN when you use an ATM is a simple way to avoid nasty financial surprises in your bank account, but it is not infallible. Cyber criminals sometimes turn to invisible spies to steal your sensitive information: keyloggers.

What’s a keylogger?
As its name indicates (“key”-“logger”), this term refers to a malicious computer program that secretly records every keystroke made by a computer user. Keyloggers are used to gain fraudulent access to confidential information such as personal details, credit card data, access credentials, etc.

There are two types of keyloggers, based on the method used to log keystrokes: software keyloggers and hardware keyloggers. Hardware-based keyloggers are rare, as they require physical access to the victim’s device in order to manipulate the keyboard. Software-based keyloggers, by contrast, are much more common and may affect any device that is not properly protected. Usually, keyloggers are installed on target computers by other malware specimens, such as Trojans or viruses. For example, an attacker may trick the victim into clicking a malicious link, which then downloads the keylogger onto the system.

The enormous danger of these 'cyber spies'
Unlike other malware specimens, which delete data or hijack files and demand a ransom for their release, keyloggers are designed to go unnoticed while recording the user’s information. That’s why they are so difficult to detect. Keyloggers are usually employed in conjunction with other malicious programs, capturing keystrokes and sensitive information (bank account numbers, passwords, PINs, etc.) which cyber criminals then leverage to steal corporate confidential data, impersonate users or carry out fraudulent financial transactions.

The infamous “PunkeyPOS” malware is a clear example of the devastating effects that keyloggers can have. This malware infected the point-of-sale (POS) terminals of hundreds of restaurants, extracting sensitive information belonging to thousands of individuals.

Another infamous example is that of “Eye Pyramid”, the cyber espionage campaign that threatened the security of many of Italy’s public institutions earlier this year. “Eye Pyramid” was a cyber espionage ring spearheaded by a brother and sister that installed a keylogger on victims’ computers to steal passwords and access confidential information. Among those affected were former Prime Ministers Matteo Renzi and Mario Monti, the president of the Central European Bank, Mario Draghi, and other individuals in possession of sensitive data.

It’s now evident that the professionalisation of keylogger-based attacks requires that companies and institutions implement systems that ensure data security. JC Cyber Security Services offers an intelligent cyber-security platform to eradicate advanced threats. Its dynamic approach, based on the principles of contextual intelligence, allows organisations to anticipate malicious behaviour and prevent data theft. Thus, the endpoint defence system is capable of detecting, blocking and remediating any attack before it even reaches its target.
