|By Shelly Palmer||
|June 25, 2012 06:45 AM EDT||
Keylogging has taking center stage, and it now deserves our proper attention. After all, keyloggers have been identified as the #1 Global Threat to consumers, corporations and government agencies in the recent 2012 Verizon Data Breach Investigations Report. Symantec Corporation coined 2011 as “The Year of the Hack,” when they saw an 81 percent increase in cyber attacks.
Keyloggers have been credited for many of the world’s most notable breaches: RSA/EMC, Lockheed Martin, Google Epsilon, Oakridge Nuclear Weapons Lab, Citibank, World Bank and tens of millions of consumers around the world.
What makes the keylogger the preferred weapon of choice is that they have been designed to avoid detection from anti-virus and anti-malware programs and the fact that they can be embedded into any type of download (mp3, video) or attached to any type of web link. Social Networking websites, like Facebook, have become the favorite place for hackers to propagate their spyware.
Keyloggers work by hooking the Windows or Apple message queue. It is relatively easy to place a hook and inspect all the messages (such as keystroke messages) before they are sent to the application (i.e. desktop application or browser). The keyloggers then log the keystroke messages into a file. Typically, the keylogger communicates with the hacker via an IRC channel and delivers the captured keystroke file to the hacker.
Current anti-virus and anti-malware tools are based on scanning a computer for files with a particular signature. The database containing signatures of known bad files has to be continuously updated. The major caveat in this approach is the existence of the signature of a known problematic file. Spammers and criminals are currently deploying sophisticated software which dynamically changes the file signature, making anti-spam and anti-virus tools no longer effective against keyloggers. Also, there is significant time between detecting a new keylogger on the internet and the anti-keylogging signature being updated on anti-virus/spyware software. This time gap can be a month or longer.
Anti-keylogging keystroke encryption to the rescue. Keystroke encryption uses a different approach to defend against keyloggers. Rather than trying to detect keyloggers, it takes a preventive approach. It takes control of the keyboard at the lowest possible layer in the kernel. The keystrokes are then encrypted and sent to desktop applications and the browser via an “Out-of-Band” channel, bypassing the Windows and Apple messaging queue. Look for keystroke encryption products with a built in self-monitoring capability, such as GuardedID. This prevents it from being bypassed by other software.