Rootkits are the tool of choice to attack governments around the world
Study finds majority of rootkits used for cyber-espionage purposes
Analyzing rootkits used in attacks over the past decade, cybersecurity researchers have discovered that close to half (44%) have been used to power campaigns that have focused on compromising government systems.
Moreover, examining the evolution of rootkits in cyberattacks, the study from Positive Technologies notes that irrespective of the target 77% of rootkits are used by cyber-criminals for espionage purposes.
The researchers describe rootkits as sophisticated programs that hide the presence of other malicious software or traces of intrusion in victim systems, and aren’t the most common type of malware.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
After governments, next in their firing line are research institutes (38%), followed by large-scale businesses involved in telecommunications (25%), manufacturing (19%), and financial institutions (19%).
Payment exceeds costs
Arguing that rootkits difficult and costly to create, Yana Yurakova, a security analyst at Positive Technologies says they are deployed either by sophisticated advanced persistent threat (APT) groups that have the skills to develop these tools, or by groups with the financial means to buy rootkits on the gray market.
“Attackers of this caliber are mainly focused on cyber-espionage and data harvesting. They can be either financially motivated criminals looking to steal large sums of money, or groups mining information and damaging the victim's infrastructure on behalf of a paymaster," asserts Yurakova.
According to their research, the cost of an off-the-shelf rootkit varies between $45,000 and $100,000, depending on various factors, such as the target operating system.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
In 77% of cases, the examined rootkit families were used to harvest data, around a third (31%) were motivated by financial gain, and just 15% of attacks sought to exploit the victim company's infrastructure to carry out subsequent attacks.
In every case, the researchers find that the payouts from the attacks exceeded the costs, concluding that rootkits are “here to stay.”
Protect yourself against rootkits by securing your computers with these best endpoint protection tools.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.