What is a Keylogger? Is it a Part of Cybersecurity?

In recent years, the number of cyberattacks has increased considerably, especially against SMEs, and as they advanced, so did the strategies used by cybercriminals to take advantage of vulnerabilities in companies. Keyloggers are a case in point.

Although the technology is not new, the way it is distributed or infected on our systems has changed. This post explains what a keylogger is and how to protect ourselves.

What is a Keylogger?

This tool’s main objective is to register device keys without the user noticing since this action is carried out in the background. The registered information is stored in a file that a third person can access. In this way, a cybercriminal could access confidential data, such as bank credentials.

They can be classified into two different types, depending on how they are integrated into the device:

Keylogger as a hardware device: It consists of a device that connects to the keyboard. It can be found between the keyboard and computer connectors, being visible or hidden inside the keyboard. It usually stores the information on the device itself, so retrieving the recorded data requires its physical removal.

Software-based keylogger: It is malware that can infect your computer, for example, through a malicious link, downloading a program from an untrustworthy page, or connecting a USB device. The recorded information is sent remotely to a third party, which makes it the type of keylogger most used by cybercriminals.

As we mentioned, software-based keyloggers can be distributed in different ways. Some phishing-type campaigns directed directly at companies have been detected. The messages distributed in these campaigns often include an attachment that, when downloaded, infects the device with a keylogger to steal personal credentials and other sensitive information.

There is also a risk that our computer will be infected with this malware when installing programs, downloading files from unreliable sources, or using USB devices of unknown origin.

What if my device gets infected by a keylogger?

Now that we know how it works let’s assume what could happen if we were victims of a keylogger and the implications it would have on our personal information and our company.

Adam is looking for an editing application for his computer to create posters and other content for his company. A website appears in the search engine advertising a tool with all kinds of features included and completely free. Adam realizes that the web URL does not start with HTTPS and does not have a legal notice section. Although these details make her suspicious of his reliability, he ends up downloading the application on his computer.

Once the application is installed, Adam notices it is not working and finally deletes it, but he still does not know that a keylogger has infected his computer. Fortunately, Adam does not use this computer to access services that can store sensitive information. Still, he operates the same passwords for all his accounts, including his company’s.

In this way, by registering on another publishing platform, you have provided the credentials of your social networks and personal email credentials and access to your company’s systems. Consequently, a cybercriminal could take advantage of this information to execute an attack on your company or your collaborators, compromising your security and thus damaging your image of trust and reputation.

As can be seen, the risks associated with keyloggers are significant, but they can be limited and even avoided by rigorously applying some simple practices, among which are:

Download apps only from trusted sources. At the enterprise level, it is essential to determine which applications can be downloaded to devices. To do this, having a security policy that contemplates this section and ensuring that it is known in our organization can help comply with this practice.

• Download attachments or access links sent by message only when we can guarantee the sender’s legitimacy.
• Check that our keyboard does not have any suspicious elements connected. Since this type of keylogger could be found inside the device, it is advisable to use those we purchased directly from a provider.
• Update our equipment and activate protection measures such as antivirus or firewall.

In addition, as a preventive measure against infection from a keylogger or any other threat, it is essential to use strong and different passwords for each service and to have two-factor authentication activated. This will limit the possibility that cybercriminals can access our other accounts.

Again, these types of attacks serve as a reminder of the importance of staying alert to cyber risks. It should be borne in mind that the first defence barrier is the user himself, which is why a significant part of the threats are based on social engineering. 

That is why training and awareness in cybersecurity for the members of our organization, both professionally and personally, are the best tools to protect our systems.