Conversations about the future of work were propelled forward during the pandemic. The rapid shift to remote work and the necessity to expand bring-your-own-device (BYOD) programs encouraged business leaders to fully embrace innovative business models. This trend is expected to continue long after the pandemic has subsided.

Digital native employees, particularly Generation Z employees, demand that companies introduce more technology in the workplace to make their workday more productive. Citrix’s Work 2035 report revealed that the vast majority of young employees prefer hybrid work to working in the office.

However, this new reality of work creates significant security challenges for IT teams to manage. One particularly dangerous common cyberthreat is keylogging — but what are keyloggers and how can IT teams provide keylogger protection in the era of BYOD programs and unmanaged devices?

What is a keylogger?

Keyloggers are an extremely common type of malware that has existed since the 1970s, when they were used to monitor typewriters in embassies in the Soviet Union. Keyloggers work silently and send recorded keystrokes back to the attacker who deployed the malware. Despite its lengthy existence, keylogging (or keystroke logging) is still effective at collecting confidential information such as usernames and passwords and sending it to malicious actors. This type of malware is particularly dangerous because it can operate without the knowledge of the owner of the compromised device.

A threat known as screenshot malware operates similarly but focuses on capturing screenshots of user activity at regular intervals. With either of these threats or a combination of the two, cybercriminals can collect a significant amount of critical information, ranging from sensitive company financial information to user credentials for key business applications.

How do malicious actors use keylogging attacks to compromise unmanaged devices?

1. Phishing emails and websites can dupe users into inadvertently installing a keylogger on their device.

Phishing attacks are the easiest way to fool users into installing a keylogger on their devices. Attackers can use these scams to create convincing fakes of well-known and regularly used websites to encourage users to click on infected links, or they may send official-looking emails with compromised links or attachments.

Once the keylogger is installed, the attacker can track each key the user presses, gaining access to usernames, passwords, credit card numbers, bank accounts, and other sensitive information. This information can then be sold to the highest bidder, particularly in cases where corporate information is stolen, or used to further compromise device security with other malware or ransomware. Users should always verify the senders of their emails and the URLs of the websites they visit to make sure they’re accessing information in the safest way possible.

2. Keyloggers collect information without disrupting device functionality and often go unnoticed for long periods of time.

With other malware, there are usually clear signs of infection. These indications can be as small as excessive notifications and pop-ups on the user’s screen, or as large as full denial of access to the device.

Keyloggers can be significantly more dangerous since they are usually difficult for the user to detect. Keyloggers can capture screenshots, log personal data, and collect any information the user types — in complete silence. This means users are often unaware of the problem and take no action to solve it. For businesses that don’t have large and dedicated cybersecurity teams to constantly monitor device security, such compromises can have an outsized effect over time, even more so if the devices used by employees are unmanaged.

3. Compromised devices can also be infected with malware that is regularly bundled with keyloggers.

While keyloggers can do a significant amount of damage themselves, this form of malware is often bundled with other types of infections that can go beyond the scope of keyloggers. Keyloggers can even provide detailed user information that can help other threats identify and target areas of weakness in the user’s device.

For instance, if a user is seen to use a single password across services on one device, this behavior likely continues on other, potentially more secure devices. These user credentials can then be used to infect all devices owned by the user with significantly more dangerous malware.

Why do hackers use keyloggers?

1. Information gathered using keyloggers can be used to mount large-scale attacks on critical corporate infrastructure.

The main reason keyloggers are so often used by malicious actors is that information can be gathered with stealth. This information is then transformed into something of direct value to the attacker. If they gather usernames and passwords for a corporate email account, for example, they can access that account and sell the information to the company’s competitors. In more involved cases, the attackers can use that information to launch a large-scale attack, such as a DDoS attack, on company infrastructure.

2. Keyloggers are simple to use and easy to deliver to unmanaged devices with less security.

An unfortunate side effect of widespread digital transformation is that cybercriminals have also evolved and can easily develop and distribute malicious software. Keyloggers are a common choice for attackers since they are easy to deploy and usually go undetected for long periods of time.

The widespread use of unmanaged devices and rapid expansion of hybrid-work arrangements have created cybersecurity loopholes that keyloggers can easily exploit. Using the anonymity provided by cryptocurrency, information gathered from keyloggers can be sold in an environment that is extremely difficult to police. For this reason, it’s critical for business leaders to take steps that ensure any keylogger malware installed on unmanaged devices is isolated from the corporate network.

How to Protect Against Keyloggers

The reason hybrid work models and BYOD programs create such a security concern is that there are significantly more endpoints in this business model than in an enterprise that operates completely on-site with managed devices. When employees work remotely, it’s likely their personal devices and home network lack the level of security that enterprise systems have. This makes attacks through the web, applications, and unsecured devices easier for criminals than they would be in a system that minimizes unsecured endpoints.

The State of Application Security 2021 from Forrester revealed that web application exploits are prevalent in 39 percent of external attacks, and mobile malware is a factor in over a quarter of attacks. Considering the prevalence of web and mobile activity in a hybrid-work environment, these attack vectors must be addressed.

In other words: With such widespread use of personal devices for work, the risk of keylogging malware is constant. And unfortunately, a lack of insight into device health means IT can’t defend against common types of malware.

Thankfully, there is a way to protect corporate information from being stolen by keylogger and screen capturing malware. By using specialized app protection solutions, organizations can secure access from unmanaged devices by scrambling keystrokes and returning screenshots as blank.

How Citrix App Protection Can Ensure the Security of Critical Company Resources

With Citrix Secure Private Access, organizations can secure access to corporate apps on BYOD and unmanaged devices, even ones that may be infected with keylogger malware. Because keystrokes are scrambled and screenshots are returned as blank screens, any keylogger attempting to extract data from an infected device receives scrambled text instead of usable information.

To learn how Citrix can protect against keyloggers and other types of malware, be sure to explore the features of Citrix Secure Private Access.