Description: C:\Users\Gimode\Desktop\LOGO\CAK LOGO-01.jpg

National KE-CIRT/CC Cybersecurity Best Practice Guide of the Week

 

 

In This Issue:

*    Keyloggers

 

 

 

 

 

 

 

 

 

 

 

KEYLOGGERS

 

Image result for keyloggersImage result for keyloggers

 

A keylogger (short for keystroke logger) is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you don’t know that your actions are being monitored. This is usually done with malicious intent to collect your account information, credit card numbers, user names, passwords, and other private data.

 

Modes of attack

 

Most keyloggers on average computers arrive as malware. Malware can intrude your computer in various ways, some of which are listed below:

*         Visiting a malicious website, which may cause your computer to download and install malware/trojan/keylogger.

*        Removable media/USB drive worms.

*        Malicious software installed through peer-to-peer networks.

*        Worms that use network vulnerabilities to move around.

*        Keylogger binded with a genuine program.

 

How do you detect a keylogger?
Keyloggers are tricky to detect. Some signs that you may have a keylogger on your device include: slower performance when web browsing, your mouse or keystrokes pause or don’t show up onscreen as what you are actually typing or if you receive error screens when loading graphics or web pages.

 

Tighten your defenses

Implementing the following practices will ensure protection against keylogger attacks:

*    Do not login to your sensitive accounts from a shared computer.

*    Make sure you log out of accounts you logged in.

*    Keep your personal computer safe so that no one installs anything without your permission.

*    Use an on-screen keyboard for entering your password, since it uses mouse clicks and not keystrokes. This feature is used by most banking sites today.

*    Always set up account recovery details like Forgot Password, security questions and answers carefully, so that if ever the account gets lost, you are able to recover it. It is the easiest and most powerful way of recovering a hacked account.

*    Use caution when opening attachments – files received via email, P2P networks, chat, social networks, or even text messages (for mobile devices) can be embedded with malicious software that has a keylogger.

*    Watch your passwords – Consider using one-time passwords and make sure key sites you log into offer two-step verification. You could also use a password manager like McAfee SafeKey that is available with McAfee LiveSafe™ service, which will automatically remember your user name and passwords, but also prevent keylogging since you are not typing in any information on the site as the password manager will do that for you.

*    Try an alternative keyboard layout – Most of the keylogger software available is based on the traditional QWERTY layout so if you use a keyboard layout such as DVORAK, the captured keystrokes do not make sense unless converted.

*    Use a comprehensive security solution – Protect all your devices—PCs, Macs, smartphones and tablets—with a solution like McAfee LiveSafe, that offers antivirus, firewall, as well as identity and data protection.

Have the above security tips in mind when operating your computer systems. Report any cybercrime incident/activity

to  incidents@ke-cirt.go.ke. / www.ke-cirt.go.ke