fbpx

Cybersecurity Awareness Month: If an attacker successfully sends a keylogger to your device, all your login credentials will be captured; implement multi-factor authentication

Must Read

Destiny Young
Destiny Younghttp://linktr.ee/youngdestinya
Destiny Young is a highly credentialed information technology professional with over 13 years of industry experience. An HND/BSc (Hons) Computer Science graduate. He holds a Master of Technology degree in Information Technology from the prestigious University of South Africa (UNISA). He is a Distinction-grade MBA alumnus of Nexford University, Washington, DC, where he also obtained a First-class MSc degree in Digital Transformation. He is currently pursuing MSc in Cybersecurity. His professional development direction is in Cybersecurity, Digital Transformation, and Business Intelligence. He is a member of the British Computer Society (BCS), the Chartered Institute of Administration of Nigeria (CIA), the Nigeria Computer Society (NCS), etc.

If you care about the safety of Internet life, ensure all (I mean, all) web access credentials, including your banking apps, have multi-factor authentication enforced.

Cybersecurity researchers and managers are prone to attacks. In short, malicious attackers would want to first have access to the security manager’s device. The reason is that security managers are the custodians of the company’s IT security and network configuration information. Successfully attacking a security manager leaves the company’s entire network vulnerable.

The security software on my desktop computer expired some weeks ago. For some reason, I was unable to renew it immediately, so the signature database became obsolete.

6 weeks later, I renewed my security software, updated its signature database, and conducted a holistic (deep scan, otherwise called a full system scan). The security software reported it found a threat, analysed the threat, and pointed me to the fact that the threat (Trojan) was a keylogger.

A keylogger is a malicious malware authored by hackers. They usually embed it as a script in some vulnerable websites. When the site visitor clicks links on the website, the script gets downloaded and installs itself in stealth mode on the target device.

Once it has become resident in your device, it captures all your keyboard strokes. It could capture and record all the keystrokes made on your device, and the log is transferred to the malicious attacker once there’s an Internet connection.

Now, you see, the attacker can access all your web service login credentials.

How he will succeed in attacking you depends on the level of your compliance with implementing adequate security measures.

My Recommendation:

1. Implement multifactor authentication (2-way authentication) across all your web services.

2. For Facebook users, avoid logging in to Facebook via a web browser and use the app.

3. To harden your security, use the Authenticator app to add an extra security layer to your security arsenal (don’t rely on your own SMS OTP alone).

On this particular day, I saw several OTPs coming to my phone requesting authentication that I didn’t initiate. Although I was not bothered because I have effectively implemented multifactor authentication across all my web services, it is now clear to me that the hacker had successfully captured my login access information for that web service, but bypassing the authentication poses a challenge to him. When I noticed that, I quickly changed my login details for that service.

Be safe.

Destiny Young
Cybersecurity Leader

Destiny Young
Destiny Young is a highly credentialed information technology professional with over 13 years of industry experience. An HND/BSc (Hons) Computer Science graduate. He holds a Master of Technology degree in Information Technology from the prestigious University of South Africa (UNISA). He is a Distinction-grade MBA alumnus of Nexford University, Washington, DC, where he also obtained a First-class MSc degree in Digital Transformation. He is currently pursuing MSc in Cybersecurity. His professional development direction is in Cybersecurity, Digital Transformation, and Business Intelligence. He is a member of the British Computer Society (BCS), the Chartered Institute of Administration of Nigeria (CIA), the Nigeria Computer Society (NCS), etc.
- Advertisement -spot_img

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

How Digital Forensics Aide Fraud Investigation

Digital forensics is a branch of forensic science that involves identifying, preserving, analyzing, and reporting on electronic data. The goal is to preserve evidence in its original form and reconstruct past events to support or refute hypotheses.
- Advertisement -

More Articles Like This

- Advertisement -