A terrifying hacking technique that deciphers what you’re typing just by listening to keystrokes could ‘slip into the wild’ in 2019

Getty Images

  • “Soundloggers” are a cyber attack technique that involves listening to keystroke sounds and deciphering what’s being typed.
  • They were developed by nation states but will likely “slip into the wild” and be used against businesses and the general public, according to leading global software security firm Malwarebytes.
  • Attacks against businesses surged 78% last year and Malwarebytes detected more than 350,000 attacks on businesses in its network — an increase of 78%.

One of the world’s leading cyber security companies believes a sophisticated hacking technique that involves figuring out what you’re typing just by listening to keystroke sounds will start to go mainstream this year.

Global anti-virus provider Malwarebytes lists “soundloggers,” as they’re known, among the emergent threats in cyber security in 2019.

“Already in existence, this type of attack was developed by nation-state actors to target adversaries. Attacks using this and other new attack methodologies designed to avoid detection are likely to slip out into the wild against businesses and the general public,” the company says in its annual State of Malware report, released today.

The company also warns that cyber threats with artificial intelligence components that can adapt and respond to security measures by rewriting their own code are also likely to become an increasing risk.

“While the idea of having malicious AI running on a victim’s system is pure science fiction at least for the next 10 years, malware that is modified by, created by, and communicating with an AI is a dangerous reality,” the report said.

“An AI that communicates with compromised computers and monitors which and how certain malware is detected can quickly deploy countermeasures. AI controllers will enable malware built to modify its own code to avoid being detected on the system, regardless of the security tool deployed. Imagine a malware infection that acts almost like ‘The Borg’ from Star Trek, adjusting and acclimating its attack and defense methods on the fly based on what it is up against.”

Business leaders around the world increasingly see cyber security as among their top business risks. Attacks against businesses surged around the world last year, with Malwarebytes recording an eye-watering 79% increase in attacks on businesses compared to the previous year.

In Australia and New Zealand, business attack detections increased 78%, from 201,596 in 2017 to 358,321 in 2018 among the Malwarebytes customer base. One of the major threats was from hackers seeking to co-opt businesses’ computing power for cryptomining, with detections of those specific attacks in Australia and New Zealand exploding from 6,641 instances in 2017 to 130,447 in 2018.

Cryptomining, however, has started to wane rapidly in its appeal to cyber criminals. Price implosions in digital currencies have destroyed the risk-reward equation for cryptomining attacks.

The increase in the risk to businesses is a major theme of the report.

Malwarebytes regional director for Australia and New Zealand, Jim Cook, said: “We’re now seeing cybercriminals targeting businesses more often and more aggressively, recognising that there is a bigger pay off in targeting organisations and the executives that work within them, rather than individuals.”

On the plus side, companies and the cyber security industry are likely to start making a decisive push to start phasing out passwords.

“New, high-profile breaches will push the security industry to finally solve the username/password problem,” the report says.

“The ineffective username/password conundrum has plagued consumers and businesses for years. There are many solutions out there—asymmetric cryptography, biometrics, blockchain, hardware solutions, etc.—but so far, the cybersecurity industry has not been able to settle on a standard to fix the problem. In 2019, we will see a more concerted effort to replace passwords altogether.”

The full report is available here.