Outbreak of Keystroke Logging: What You Need to Know Today

July 5, 2017 | By

Keystroke logging is a dangerous but often overlooked cyberthreat. While shiny, branded attacks like Wannacry and Petya get much of the spotlight these days, there are many, many attacks that fly under the radar but can be just as damaging — if not more so.

Specifically, we’ve seen an uptick in keystroke logging attacks lately, and in this post we want to arm you with information about this type of attack and how to prevent your business from succumbing to it.

What is Keystroke Logging?

Keystroke logging is a hacking technique that can be quite sneaky, because it requires very little effort on your part to get in. Often delivered via email, a keystroke logger generally requires just a single click for the malware to be installed on a user’s machine. Take for example the recent Olympic Vision Keylogger and BEC Scams. Attacks like these can be embedded in fraudulent emails pretending to be an invoice or shipping confirmation. These emails ask a user to click to confirm, but once they do, that prompts the keylogger to install.

Once it’s inside, it begins recording your keystrokes. This means it can capture usernames and passwords of banking apps, IT servers, and other critical systems. In this way, keystroke logging operates similar to how spearphishing works in that hackers can target specific people who they know have access to these systems (e.g. your accounting team, CEO, or a VP of Engineering). It only takes one person falling for it for the attackers to begin monitoring and collecting various logins and gradually increasing their footprint in your systems.

Even if a user targeted by the attack doesn’t have access to sensitive or privileged information, the software can still gather intelligence based on their keystrokes and learn who may hold the keys to the kingdom. For example, if the hacker records the victim emailing accounting@xyzcompany.com about an invoice or IT@abccompany.com about a new server environment, that can give them enough intel to launch more targeted attacks.

Challenges With Detecting and Preventing Keystroke Logging Attacks

The issue companies face when dealing with keystroke logging attacks like the Olympic Vision Keylogger is that users often have no idea the link they just clicked prompted malicious software to install and begin monitoring keystrokes. It’s a very sneaky attack, which is why it’s becoming more popular by the day.

Not only that, but it’s very affordable for attackers. Cybercriminals can purchase a keylogger subscription for as little as $15.

 

keystroke logging

 

Keystroke logging can go completely undetected by most traditional security software because of the way it’s delivered. Especially if you’re relying on antivirus or firewalls to detect threats coming in, you may already have a keystroke logging problem and not even know it. That’s because, as mentioned above, these attacks are delivered via email. Antivirus and firewalls cannot prevent your users from clicking on malicious links or downloading bad files, and when they do, it may take hours or days for them to detect the newly embedded software. By that time, the keylogger may have already collected enough intel to swipe sensitive passwords and break into accounts to either steal money, hold data hostage, or gather information it can use against you.

3 Ways to Prevent Keystroke Logging From Damaging Your Business

Passwords are the golden ticket into all of your company-owned accounts, so the first and best line of defense against keystroke logging is to be smart about passwords. Here are three tips that are critical to employ organization-wide:

1. Don’t Reuse Passwords

The repetitive use of passwords across services is one of the easiest ways to get hit hard by keystroke logging. As hackers detect the usernames and passwords you or your users are typing in, you can bet they’re trying those passwords on other services, especially those that contain valuable and sensitive data. So while you may not even log into your company’s bank account or server often, if you use the same password for those as you do your email or any other service you log into regularly, they’re going to try those passwords on other accounts.

The more you reuse passwords, the faster hackers will be able to gain entry to accounts, and the more damaging the attack will be to the business.

2. Use a Password Manager

Remembering a unique password for every service is next to impossible, and that’s where password management tools like 1Password or LastPass come in. These services can help you generate complex and unique passwords for every new service you sign up for. Not only that, but many of them will analyze the passwords you currently use across services and notify you when there is repetitive use or low-quality password so you can fix it.

This is a really easy way to guarantee that not only is each login unique, but the passwords are also next to impossible to guess. So even if a keylogger gets installed on your machine, you’re only losing access to one account and not the keys to the kingdom.

3. Enable Two-Factor Authentication (2FA)

Another best practice to keep your data safe is to employ two-factor authentication organization-wide. This way, even if an attacker uncovers your password, they usually won’t have the second form of validation (typically an email or text message) they need in order to get in.

Many cloud services come with 2FA built in. It’s as simple as communicating with your user base on the change and enabling the feature. Start with some friendly, tech-savvy users and watch it spread like wildfire.

Take the Security High Road: Leave Nothing to Chance

Adopting the attitude that this won’t happen to you or you’ll get around to addressing it one day will only come back to bite you hard. Don’t wait to adopt security hygiene best practices like password security. Password management tools are relatively cheap to purchase, and should absolutely be implemented both in businesses and for personal use. Most services, especially web-based services, offer 2FA and make it easy to set up, so it’s a no-brainer that these should be implemented as well.

 

Now, all of this said, humans aren’t perfect. At some point, one of your employees will forget to use their password manager or utilize unique passwords. That’s why you also need a fail-safe that will ensure that even if a user clicks on one of these emails and a keyword logger attempts to download, it will be caught before it gets in to steal your info. That can be done using a DNS-based service like Strongarm. In fact we’ve already caught several of keystroke logger attack attempts in the past week alone.

 

If and when a user clicks on a malicious link, such as that of a keystroke logger, the attack will be immediately quarantined and removed before it can install and begin monitoring.

 

And with our latest partnership with KnowBe4, a security awareness and education service, Strongarm users will not only be brought to a block page that tells them what happened, they’ll also be given information about attacks like these so they are less likely to click in the future. We’ve found that on-the-spot training like this is the very best way to educate your workforce because it hits them in the moment, when the problem is most obvious and salient.

 

To integrate Strongarm across your organization and take advantage of KnowBe4’s user education, sign up for a free 30-day trial of Strongarm today:

Begin Your 30-Day Free Trial

(no credit card required to sign up)