CAPEC-568: Capture Credentials via Keylogger
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary deploys a keylogger in an effort to obtain credentials directly from a system's user. After capturing all the keystrokes made by a user, the adversary can analyze the data and determine which strings are likely to be passwords or other credential-related information.
Execution Flow
Step 1 Explore
[Determine which user's credentials to capture] Since this is a more targeted attack, an adversary will first identify the particular user whose credentials they wish to capture.
Step 2 Experiment
[Deploy keylogger] Once a user is identified, an adversary will deploy a keylogger to the user's system in one of many ways.
- Send a phishing email with a malicious attachment that installs a keylogger on a user's system
- Conceal a keylogger behind fake software and get the user to download the software
- Get a user to click on a malicious URL that directs them to a webpage that will install a keylogger without their knowledge
- Gain access to the user's system through a vulnerability and manually install a keylogger
Step 3 Experiment
[Record keystrokes] Once the keylogger is deployed on the user's system, the adversary will record keystrokes over a period of time.
Step 4 Experiment
[Analyze data and determine credentials] Using the captured keystrokes, the adversary will be able to determine the credentials of the user.
- Search for repeated sequences that are followed by the enter key
- Search for repeated sequences that are not found in a dictionary
- Search for several backspaces in a row. This could indicate a mistyped password. The correct password can then be inferred using the whole key sequence
Step 5 Exploit
[Use found credentials] After the adversary has found the credentials for the target user, they will then use them to gain access to a system in order to perform some follow-up attack.
Prerequisites
- The ability to install the keylogger, either in person or remotely.
Mitigations
Strong physical security can help reduce the ability of an adversary to install a keylogger.
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name |
|---|---|---|
| ATTACK | 1056.001 | Input Capture: Keylogging |