Keylogger

What Is a Keylogger?

A keylogger is a program that monitors user keystrokes on a device. This can be used for both illegal and legitimate reasons but is often used as a kind of spyware or malware to steal credentials or other information from users. Threat actors will then use the information gathered from keyloggers to launch or escalate a cyber incident.

Legitimate Uses of Keyloggers

While keyloggers are often used by threat actors to obtain information and credentials for unsuspecting users — this can be done as research for a future attack or during an attack to gain privileged access — there are legitimate uses.

Examples of keyloggers include organisations utilising them to monitor employees’ actions or even parents using them to monitor children. Other examples include a product team using them while a user tests a product or by an IT team to try to understand a user-centered problem.

Once a keylogger is used for cybercrime, it becomes illegal.

How Keyloggers Work

Keyloggers fall into two categories: hardware keyloggers and software keyloggers.

Hardware keyloggers, like the name suggests, are a physical device, like a usb thumb drive, while software keyloggers are a program that runs in the background.

Software keyloggers are more often used by threat actors as they can be automatically triggered when malware is downloaded and can often run in the background without the user noticing.

Types of software keyloggers include:

API keyloggers
JavaScript keyloggers
Form-grabbing keyloggers

While keyloggers may vary in form or how they’re activated, they all have the same goal: To monitor and record keystrokes.

Keyloggers can end up on a user’s device through a variety of methods. The most common vectors used by threat actors are:

Web page scripts. This is where keyloggers are part of malicious code on a website that is activated when the code is downloaded.
Phishing. Malicious links or files containing keyloggers are a hallmark of phishing emails. Other social engineering tactics can also result in a keylogger download.
Software downloads. If a user downloads suspicious software, it could end up containing a keylogger program.

Dangers of Keyloggers

As mentioned above, keyloggers can be used at multiple stages during an attack, depending on the threat actor’s need. However, they are commonly used for credential theft, which can then be used as a root point of compromise. Because keyloggers can be activated as soon as malware is downloaded, a keylogger can start gathering information long before a user is aware of it.

In addition, the stolen credentials can be used to launch a variety of attacks. For example, business email compromise (BEC) attacks rely on a threat actor gaining access to an email account within an organisation, which can be done through stolen credentials. If an attack is progress, the use of a keylogger can reveal credentials that can lead to privileged access, escalating the attack further.

Software keyloggers can disguise themselves as legitimate programs, and hardware keyloggers can be difficult for security software to detect. This makes them dangerous to users and a favorite for threat actors.

Of course, the danger exists beyond credentials. Cybercriminals can steal credit card information, bank account information, email account information, private data, and more. This wide range of information allows cybercriminals to launch further attacks with ease.

How to Protect Your Organisation Against Keyloggers

Because keyloggers often are downloaded through user action, user education becomes paramount when preventing keyloggers.

Utilising a strong security awareness training program can go a long way toward helping users spot social engineering attacks; be more aware of what suspicious sites, links, and files look like; and helping them stay safe in a variety of digital situations.

Arctic Wolf® Managed Security Awareness prepares your employees to recognise and neutralise social engineering attacks and human error — helping to end cyber risk at your organisation.

As many attacks that start with keyloggers are credential-based attacks, having strong identity and access management, and implementing a Zero Trust framework — which utilises tactics like multi-factor authentication (MFA) — can stop an attack from escalating and eliminates privileged access which threat actors may take advantage of in an attack.

While it’s hard for security software to spot keyloggers, if credentials are taken and unusual behavior occurs, a detection and response software can stop these attacks before they escalate. Arctic Wolf® Managed Detection and Response (MDR) provides 24×7 monitoring of your networks, endpoints, and cloud environments to help you detect, respond, and recover from modern cyber attacks.

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Customer Portal Policy	Accessibility Statement	Sustainability Statement	Information Security	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognise and neutralise social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyse.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

Oracle Red Bull Racing trusts Arctic Wolf to secure its expansive IT environment and the mission-critical proprietary data it contains.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organisation.

SECURITY BULLETINS

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

CVE-2024-26234 for Windows and CVE-2024-29053 for Defender for IOT highlighted in Microsoft’s April 2024 Patch Tuesday

COMPANY

Keylogger

What Is a Keylogger?

Legitimate Uses of Keyloggers

How Keyloggers Work

Dangers of Keyloggers

How to Protect Your Organisation Against Keyloggers

Arctic Wolf

Cybersecurity Beginners

Earl Grey House 77 Grey St. 3rd Floor Newcastle upon TyneNE1 6EF UK

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.

Earl Grey House
77 Grey St. 3rd Floor
Newcastle upon Tyne
NE1 6EF
UK