
How vulnerable is my Veracrypt-protected data to key logging attack via Windows?

Çağlar Arlı

Objective

I've come into possession of some data that I'd like to protect. If an attacker destroys or corrupts my data, I can tolerate that; plenty of backups exist. But I can't tolerate an outsider reading the data.

My hypothetical attacker wouldn't be a government agency, nor an entity with CIA/NSA level capabilities. Rather, he'd most likely be an industry competitor or a random thief committing a crime of opportunity using well known, publicly available tools.

Current Strategy

The data is stored on the hidden partition of a Veracrypt volume. The volume lives on a thumb drive. It's protected with a very strong 30+ character password. To anyone not in possession of the password, the drive appears to be empty and unformatted.

Data Access

The data is accessed maybe once or twice per week. It could be from either a Linux or Windows laptop under my control, but since I get the impression that Windows is generally perceived to be the weaker of the two OSes, I'd like to focus on the Windows laptop. It's a late model Dell Precision.

The laptop is really locked down. It's a clean install of Windows 11. There are no applications installed, other than Veracrypt, which is used to mount the thumb drive's hidden data volume, and a specific open source app that is used to read/write the sensitive data.

The Windows firewall is configured in such a manner that network connections can't be directly established to the clear internet. Instead, only two outbound connections are allowed, both of which are to internal servers: one server facilitates Windows Update, and the other is a Tor proxy which runs on a non-standard port. The open source app running on the laptop connects with its peers via the Tor proxy, and only that app's process is allowed to make that internal connection.

Concern

I don't have a background in security but I do know how to use Google, enough to understand that the threat of a keylogger installed on the dedicated laptop shouldn't be ignored. The laptop is so bare bones and so locked down that I doubt a remote keylogger installation is feasible.

But consider the highly unlikely scenario where the attacker has regular physical access to both the laptop and the thumb drive. In a case where the laptop is off, what's the attacker's optimal strategy to install the keylogger to obtain my volume password, with the ultimate goal of using it to decrypt the volume at a later time? The laptop drive that contains the OS is protected by Bitlocker. Also, if it matters, SecureBoot is enabled in the UEFI settings. How difficult would it be for the attacker to install a root-level keylogger under these conditions?

Now consider the case where the laptop is on, but locked. The Veracrypt volume is NOT mounted. Assume the Windows login has a very strong password. Same question. What path could he use to install the keylogger, and is there anything I could do to reduce his odds of success?

Also consider that I use a wireless Logitech Bluetooth keyboard with the laptop. Is there a risk of a typed password being intercepted as it makes its way wirelessly from the keyboard to the laptop over Bluetooth?

Wrap Up

I realize we're talking about some real edge cases here that are unlikely to ever occur. I'm trying my best to use recommended security practices like firewalls, virus checkers, and VPNs when posting, as well as analog defense measures like keeping this laptop in a safe when I'm away. Yeah, kind of paranoid of me I suppose. But nevertheless, I feel like I need to get an accurate assessment of what my keylogger risks are, and see if I can find ways to mitigate them.

Thanks.
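The outbound posture described under "Data Access" (default-deny, with only an internal Windows Update server and a per-process Tor proxy exception), written out as an added example; this is not the poster's own configuration, and every address, port and application path in it is an assumed placeholder.

```powershell
# Added example, not the poster's configuration: default-deny outbound firewall
# with only the two internal exceptions the question describes.
# All addresses, ports and the application path are ASSUMED placeholders.
# Run from an elevated PowerShell session on the dedicated laptop.

$WsusServer   = '10.0.0.10'   # assumed: internal Windows Update (WSUS) server
$TorProxy     = '10.0.0.20'   # assumed: internal Tor proxy host
$TorProxyPort = 9150          # assumed: the non-standard port the proxy listens on
$AppPath      = 'C:\Program Files\ExampleApp\exampleapp.exe'  # assumed: the open source app

# 1. Block inbound and outbound traffic by default on every profile.
#    Servers are referenced by IP address on purpose: with outbound blocked by
#    default, DNS lookups would need their own allow rule.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Allow Windows Update traffic only to the internal WSUS server
#    (8530/8531 are the default WSUS HTTP/HTTPS ports; adjust if yours differ).
New-NetFirewallRule -DisplayName 'Allow WSUS (internal only)' `
    -Direction Outbound -Action Allow -Protocol TCP `
    -RemoteAddress $WsusServer -RemotePort 8530,8531

# 3. Allow the Tor proxy only for the single application's process:
#    the -Program filter ties the rule to that executable path.
New-NetFirewallRule -DisplayName 'Allow Tor proxy (app process only)' `
    -Direction Outbound -Action Allow -Protocol TCP `
    -Program $AppPath -RemoteAddress $TorProxy -RemotePort $TorProxyPort

# 4. Verification: list every enabled outbound allow rule. Windows ships with
#    built-in outbound allow rules (Core Networking and others) that stay in
#    effect under a default-deny profile, so review this list and disable
#    anything the laptop does not actually need.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Select-Object DisplayName, Profile, Group |
    Sort-Object DisplayName
```

Re-run step 4 after any Windows Update, since feature updates can re-enable or add built-in rules.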