CMMC Keylogger

What are keyloggers and what guidance does the CMMC provide

A keylogger is a device or application that is used for keystroke logging. This captures and records a computer users' keystrokes. This includes capturing sensitive passwords. While keylogging is occurring the person using the keyboard is unaware that their actions are being monitored.

Join our newsletter:

Is a keylogger hardware or software?

A keylogger can either be hardware or software. A hardware based keylogger can be implemented via BIOS-level firmware, or alternatively, via a device plugged inline between a keyboard and the computer. They log all keyboard activity to their internal memory. Software-based keyloggers are computer programs designed to work on the target computer's operating system. Software based keyloggers can come in the form of; Hypervisor-based, Kernel-based, API-based, Form grabbing based, Javascript-based, and Memory-injection-based.

When were hardware keyloggers first used?

key logger
Keyloggers first appeared in the 1970’s when the Soviet Union developed and deployed a hardware keylogger targeting typewriters in the US Embassy and Consulate buildings in Moscow.

When were software keyloggers first used?

Software keyloggers first hit the scene in 1983 when an early keylogger was written by Perry Kivolowitz.

Were keyloggers ever used by the FBI?

lifecycle
Yes, in 2000 the FBI used FlashCrest iSpy, a key logging software to obtain the passphrase of Nicodemo Scarfo, Jr., son of mob boss Nicodemo Scarfo. Also in 2000, the FBI lured two suspected Russian cybercriminals to the US in an elaborate ruse. The FBI captured their usernames and passwords with a keylogger that was covertly installed on a machine that they used to access their computers in Russia. The FBI then used these credentials to hack into the suspects computers in Russia to obtain evidence to prosecute them.

What guidance does the CMMC provide regarding keyloggers?

Various CMMC practices if implemented can help your organization avoid the threat of key loggers. Physical access controls can help prevent a malicious person from installing a physical keylogger on your systems. Implementing the principles of least functionality and least privilege can reduce the risk of key logging software being installed on your systems. By installing and properly configuring anti-malware solutions on your systems you can block and detect software keyloggers. By properly configuring your firewall to block unauthorized traffic you can prevent a keylogger from sending any captured keystrokes back to the attacker.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

 NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
 HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
 FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
 ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.