Kaspersky Labs has published an excellent piece of work on keyloggers. According to Kaspersky, the use of keyloggers has risen 500% from January 2003 to July 2006. "There are many more examples of cyber criminals using keyloggers – most financial cybercrime is committed using keyloggers, since these programs are the most comprehensive and reliable tool for tracking electronic information." says the article.
"One report issued by Symantec shows that almost 50% of malicious programs detected by the company’s analysts during the past year do not pose a direct threat to computers, but instead are used by cyber criminals to harvest personal user data." the article points out.
The article contains a great overview of many successful keylogger attacks, describes the growing threat and recommends steps to take to mitigate it.
One thing I want to note is that passwords, and anything else typed on a keyboard, are very insecure (read my paper "Why your use of ID and password is likely a joke"). Intelligence agencies have known this for many, many years. That is why defense agencies use windowless rooms to stop keystrokes from being picked up by antennas through the electromagnetic emanations of the keyboard and its cable. They also use computers whose keyboards are hard-wired into the chassis, or that can detect when the keyboard is unplugged and a hardware keylogger inserted between the keyboard and the computer.
Most enterprises have neither the resources nor the willpower of the military to defend themselves against every form of attack. So, what is an enterprise to do to defend itself against keyloggers and malware?
Have a layered, defense-in-depth enterprise security strategy. You must assume that almost every layer will eventually be broken, especially today, when the number of internal and external attack vectors is so great.
Use stronger authentication for higher-risk systems, applications, information and physical areas. I caution the reader, however, that these are not foolproof. Over the last year there have been many documented reports of multi-factor authentication being bypassed. Usually the criminals had malware installed on the victim's machine that let the legitimate user complete the login, second factor included, and then hijacked the authenticated session afterwards. Strong authentication at login proves who started the session; it says nothing about who is driving it five minutes later.
Use transaction authentication to protect the enterprise crown jewels: authenticate each high-value operation itself (with a code or signature bound to that operation's details, confirmed through a channel the infected PC does not control), not just the login that precedes it.
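The two previous points are easiest to see side by side, so here is an added example (my own constructed code, not anything from the Kaspersky article). It models a toy bank with a hypothetical Bank class: a login protected by password plus one-time code, a transfer path that trusts any live session, and a transfer path that additionally demands a per-transaction code computed by an out-of-band device (a token or phone app) from a server-issued challenge and the payee and amount. The user names, amounts and the "alice" device secret are all assumed for the demonstration; the malware on the PC is represented simply by the attacker holding the session id.

```python
"""Added example: login-time MFA versus per-transaction authentication.

Everything here is constructed for illustration (the Bank class, the
out-of-band device, the users and amounts); none of it is code or data
from the article being discussed.
"""
import hashlib
import hmac
import secrets


def transaction_code(device_secret: bytes, challenge: str, to: str, amount: int) -> str:
    """Code the user's out-of-band device would display for ONE transaction.

    It is an HMAC over the server challenge and the transaction details, so
    it is useless for any other payee, amount or challenge.
    """
    msg = f"{challenge}|{to}|{amount}".encode()
    return hmac.new(device_secret, msg, hashlib.sha256).hexdigest()[:8]


class Bank:
    def __init__(self):
        self.sessions = {}        # session id -> user
        self.device_secrets = {}  # user -> secret held only on the user's device
        self.pending = {}         # challenge -> (user, to, amount)
        self.ledger = []          # committed (user, to, amount)

    def enroll(self, user: str, device_secret: bytes) -> None:
        self.device_secrets[user] = device_secret

    def login(self, user: str, password_ok: bool, otp_ok: bool) -> str:
        """MFA at login. Malware on the PC just waits for the real user to
        pass this step, then takes the session id."""
        if not (password_ok and otp_ok):
            raise PermissionError("login failed")
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    # Weak design: a live session is all a transfer needs.
    def transfer_session_only(self, sid: str, to: str, amount: int) -> bool:
        user = self.sessions[sid]          # KeyError if the session is unknown
        self.ledger.append((user, to, amount))
        return True

    # Stronger design: each transfer must be authenticated on its own.
    def begin_transfer(self, sid: str, to: str, amount: int) -> str:
        user = self.sessions[sid]
        challenge = secrets.token_hex(8)
        self.pending[challenge] = (user, to, amount)
        return challenge

    def confirm_transfer(self, sid: str, challenge: str, code: str) -> bool:
        user = self.sessions[sid]
        entry = self.pending.get(challenge)
        if entry is None or entry[0] != user:
            return False                   # unknown, already used, or another user's
        _, to, amount = entry
        expected = transaction_code(self.device_secrets[user], challenge, to, amount)
        if not hmac.compare_digest(code, expected):
            return False                   # code was computed for other details
        del self.pending[challenge]        # one-time use
        self.ledger.append((user, to, amount))
        return True


def demo() -> dict:
    bank = Bank()
    alice_device = secrets.token_bytes(32)   # assumed: lives on Alice's token, not her PC
    bank.enroll("alice", alice_device)

    # Alice logs in with password + OTP; malware on her PC captures the session id.
    sid = bank.login("alice", password_ok=True, otp_ok=True)
    stolen_sid = sid

    # 1. Session-only design: the hijacked session moves money at will.
    hijack_session_only = bank.transfer_session_only(stolen_sid, "mule-account", 9000)

    # 2. Transaction authentication: Alice pays 50 to her utility company.
    ch = bank.begin_transfer(sid, "utility-co", 50)
    code = transaction_code(alice_device, ch, "utility-co", 50)  # shown on her device
    legit = bank.confirm_transfer(sid, ch, code)

    # The attacker holds the session and has captured Alice's code. Reusing it
    # for a different payee/amount fails, and so does replaying the challenge.
    ch2 = bank.begin_transfer(stolen_sid, "mule-account", 9000)
    reuse_for_other_tx = bank.confirm_transfer(stolen_sid, ch2, code)
    replay_same_challenge = bank.confirm_transfer(stolen_sid, ch, code)

    return {
        "hijack_session_only": hijack_session_only,
        "legit": legit,
        "reuse_for_other_tx": reuse_for_other_tx,
        "replay_same_challenge": replay_same_challenge,
        "ledger": list(bank.ledger),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of binding the code to the payee and amount is that the device can show the user exactly what it is about to authorize; a man-in-the-browser that silently rewrites the payee on the PC produces a code mismatch, and a user who reads the device display sees the mule account and refuses. The code also has to be one-time (the server deletes the challenge after use), otherwise a captured code could be replayed for the same transaction.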
Finally, put content filters on all outbound traffic through the firewall to catch sensitive data leaving the enterprise that shouldn't, including the keystroke logs and harvested credentials that a keylogger must eventually send home.