A handful of clients of the Scandinavian bank Nordea had their checking accounts emptied following a phishing scam. The total damage came to more than $1 million, making this case one of the biggest keylogging incidents yet.
Nordea clients started receiving emails, created by the hacker, that looked like legitimate messages from the bank and suggested installing an antispam product attached to the message. When the victims opened the attached file, they in fact infected their machines with a Trojan called Haxdoor.
The Trojan activated when the targeted user registered for Nordea’s online service. It then displayed an error message asking the victim to re-enter the registration information. The keylogger included in the Trojan captured the data the victim entered and sent it to the criminals’ server.
The rest is history. With the username and password to the victims’ internet banking accounts now to hand, the hackers emptied their checking accounts.
What Is a Keylogger and How Does It Work?
The term keylogger clearly describes the software’s main function: it is designed to secretly monitor and log all keystrokes on a victim’s computer. It is worth adding, though, that keylogging isn’t limited to software, since there are keylogging devices as well, although they are much rarer.
Keylogging software is used in various situations, and not always for nefarious reasons. For example, an administrator might deploy such software to track what employees are doing during the workday, while parents can use it to keep tabs on their children’s digital life to protect them from cyber bullying or other online dangers.
The ethical boundary between justified monitoring and eavesdropping is ultra-thin, and in the worst-case scenario legitimate monitoring software can also be used to steal sensitive information such as passwords.
Combined with phishing, keyloggers are among the most popular methods used in cyber fraud. Users aware of security threats will likely be able to identify phishing emails but, without that kind of security education, lots of people unwittingly expose financial data. As keyloggers become more sophisticated, they can be programmed, for example, to only become active when a user visits a certain site and only then begin logging the information.
How Cyber Criminals Use Keyloggers
As a parent you might be tempted to install a keylogger onto your child’s computer or mobile device, and it is your choice to do so. But you should be aware that hackers use the same features of keylogging software for malicious purposes, to steal your username, password or digital identity.
Carleton University of Canada discovered in early 2016 that an unknown hacker had left USB keyloggers on computers across its campus. As a result, every student and teacher using the computers had their keystrokes recorded. As of writing, it is unknown whether the University or the teachers suffered a breach from this, but if they did it isn’t likely to be something they will happily share with the public.
In a non-public advisory distributed to companies active in the hospitality industry, the U.S. Secret Service warned that hackers had compromised computers in several major hotel business centers in the Dallas and Fort Worth areas. The hackers installed keylogging software onto computers made available to guests in hotel business centers.
In mid-October 2010, Sovereign Bank’s Chief Privacy Officer notified the New Hampshire Attorney General’s office of a security breach. An internal investigation discovered keylogging software on one laptop, and that was all that was needed to access highly sensitive customer data.
What Can You Do to Protect Yourself Against Keylogging Software?
While keylogging software was developed to fly under the radar, most antivirus companies have added known keyloggers into their databases. This means that the best way to protect yourself against keyloggers is to use antivirus software such as Malwarebytes for Mac, Kaspersky Total Security for PC or the like. Keep in mind that these databases cover known software keyloggers; hardware devices such as the USB keyloggers described above are not something antivirus software detects.
We cannot emphasize enough the weakness of single-factor authentication. One of the biggest hacks of 2017, the Deloitte breach, could have been easily prevented by the use of two-factor authentication. That, combined with the use of a password manager to store all your passwords in one secure place, is the best way to protect any highly sensitive information.