Security Breaches using KeyLoggers & Anti KeyLoggers: An Overview
With the
increased innovation in technology the threat of breach to user’s confidential
data has increased by huge degree. Today attackers are growing stronger. They
are discovering new ways to pierce the security levels on a rapid rate. Thus
security is a key challenging area of research for security managers.
As far as security is
concerned besides social engineering,there are many methods of obtaining
confidential information. A very common method to obtain sensitive information
includes keystroke logging.
Keystroke logging is the capture of typed
characters. It is often used to gather secure information, commit fraud, or
obtain system facility access. The data captured can include passwords, user
ID’s, and other sensitive bits of information and the attacker can obtain
valuable data without cracking into a hardened database or file server. Keyloggers
are a prominent class of malware and so they present a special challenge to
security managers. Unlike traditional worms and viruses, certain types of
keyloggers are almost impossible to detect and work well because they’re
simple. They just take raw information – keystrokes – and ship them out of your
computer to a third party and that is why this can pose a serious threat to
users. As a result, cyber criminals can get PIN codes and account numbers for
e-payment systems, email addresses, user names, email passwords or any
potential information can be logged quickly without any apparent performance
impact on the target PC and surprisingly most users infected with a keylogger
will never know it unless an account or credit card is hijacked.In this way,the
access to confidential data can sometimes have consequences which can be quite serious.
The most
common ways of doing this is through phishing, social engineering, bundling the
keylogger with other software .The main idea behind keyloggers is to get in
between any two chain of events for example when a key is pressed and when
information about that keystroke is displayed on the monitor. This can be
achieved using video surveillance, a hardware bug in the keyboard, wiring or
the computer itself or requesting information from the keyboard using standard
methods.
Though Keyloggers are
tricky to detect, still there are some typical signs. For instance you may
encounter slower performance while web
browsing, your mouse or keystrokes pause or don’t show up onscreen as what you
are actually typing or if you receive error screens when loading graphics or
web pages.
CATEGORIES:
There are two categories of keyloggers
Software-based keyloggers are used to intercept your keystrokes, mouse
clicks, clipboard contents, URLs i.e. all the user activity. The second type of
keyloggeris hardware-based keyloggers
are physical devices that are usually plugged
between the keyboard and intercept keystrokes typed.
HOW TO PREVENT AND PROTECT THE PC:
Since the chief purpose of keyloggers is to get confidential data, the
most logical ways to protect against unknown keyloggers are as follows:
With the help of a one-time password the threat can be minimized .Even
if the password you enter is intercepted, the password generated can be used
one time only. So Even if the one-time
password has been intercepted, the cybercriminal will not be able to use it to
obtain access to critical information.,
- By using a system with proactive protection designed to detect keylogging software,
- By using a virtual keyboard.
- Always Use licensed anti-virus software and update it regularly.
- On a regular basis, Update your OS
- Be extra cautious while you enter confidential credentials. A simple way can be that one may enter some extra characters -And then delete them using the mouse
- By trying an alternative keyboard layout .Since most of the keylogger software available is based on the typical older QWERTY layout so if you use a keyboard layout such as DVORAK, the captured keystrokes does not make sense unless converted.
Ms. Shweta Ohri
Assistant Professor
Dept. of Information Technology
No comments:
Post a Comment