According to research on how attackers deploy rootkits, nearly half of all recorded operations target government systems.
Positive Technologies recently published a report on the evolution and use of rootkits in cyberattacks, finding that 77 percent of the rootkits studied are used for cyberespionage.
Rootkits are classified by where they run: in kernel mode, with the same privileges as the operating system itself, or in user mode, the privilege level at which ordinary application software runs. Some rootkits combine components at both levels.
Once installed, a rootkit can intercept system calls, hide or replace files and processes, and otherwise conceal the attacker's presence on the machine. It may also be one component of a larger toolkit that bundles keyloggers, cryptocurrency miners and data-stealing malware.
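The hiding technique described above is also what gives defenders a handle on it. A user-mode rootkit usually hooks the library calls that enumerate a directory (readdir/getdents) and drops its own entries from the result, but a direct stat() of /proc/<pid> takes a different path and still succeeds. The following script is an added example, not code from the Positive Technologies report or from any rootkit it analyses; it diffs the two views of /proc on Linux to surface processes that exist but are not listed, the same "cross-view" idea used by tools such as unhide. The function names, the /proc path and the constructed PID sets in the test are assumptions for illustration.

```python
"""Cross-view check for hidden processes on Linux (added example).

View 1 is the directory listing of /proc, which a user-mode rootkit can
filter by hooking readdir/getdents. View 2 probes /proc/<pid> directly
with stat(), which does not go through the enumeration hook. Any PID
present in view 2 but absent from view 1 is either a benign race
(a process created between the two snapshots) or a hidden process.
"""
import os
import re

_NUMERIC = re.compile(r"^\d+$")


def pids_from_names(names):
    """Keep only the numeric entries of a /proc listing (the PIDs)."""
    return {int(n) for n in names if _NUMERIC.match(n)}


def enumerated_pids(proc="/proc"):
    """View 1: what the (possibly hooked) directory listing reports."""
    return pids_from_names(os.listdir(proc))


def probed_pids(max_pid, proc="/proc"):
    """View 2: stat() /proc/<pid> for every candidate PID, never calling readdir."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.stat(os.path.join(proc, str(pid)))
        except FileNotFoundError:
            continue
        found.add(pid)
    return found


def cross_view_diff(enumerated, probed):
    """PIDs the probe found that the listing omitted, sorted ascending.

    An empty result means the two views agree. Entries that appear only
    in the listing (a process that exited between snapshots) are ignored.
    """
    return sorted(probed - enumerated)


def confirm_hidden(candidates, proc="/proc"):
    """Drop race hits: a genuinely hidden PID still exists on re-probe
    and is still absent from a fresh listing."""
    listed = enumerated_pids(proc)
    return [p for p in candidates
            if os.path.exists(os.path.join(proc, str(p))) and p not in listed]


def read_pid_max(default=32768):
    """Upper bound for the probe, taken from the kernel's own setting."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return default


if __name__ == "__main__":
    # Probing every PID up to pid_max (often 4194304) takes a while in Python.
    candidates = cross_view_diff(enumerated_pids(), probed_pids(read_pid_max()))
    for pid in confirm_hidden(candidates):
        print(f"PID {pid} exists but is missing from the /proc listing")
```

Two caveats a practitioner should keep in mind. A user-mode rootkit that hooks stat() and open() in addition to readdir(), or a kernel-mode rootkit that filters directory entries inside the kernel, makes both views agree, so an empty result is not proof of a clean system; that is exactly why the report treats kernel-mode rootkits as the more dangerous class. And because the two snapshots are not atomic, a hit must be re-checked (as confirm_hidden does) before it is treated as evidence of hiding rather than as a process that happened to start between the two reads.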
Rootkits are, however, difficult to build and demand significant time and money. As a result, most rootkit-based operations are attributed to Advanced Persistent Threat (APT) groups with the resources and expertise to develop this type of malware.
The analysts' sample comprised 16 rootkits, of which 38 percent were kernel-mode, 31 percent user-mode and 31 percent combined kernel- and user-mode. Most of them target Windows.
Because kernel-mode variants are so complex to develop, Positive Technologies sees a general shift among malware developers toward user-mode rootkits. Even so, rootkits still frequently succeed in cyberattacks despite the anti-rootkit protections built into modern PCs.
The Positive Technologies research team notes that a bug in a kernel-mode rootkit can crash the machine and cause irreversible damage. That makes such rootkits a poor fit for extortion: a ransomware operator who demands payment gains nothing if the victim's system has already been wrecked.
Government entities were the target in 44 percent of the rootkit incidents recorded since 2011, followed by research and academic institutions in 38 percent.
According to Positive Technologies, the cost and development time of a rootkit only pay off against a high-value target. The goal is usually data theft, though sometimes it is purely financial gain.
Rootkits are also frequently seen in attacks on telecommunications companies, manufacturing firms, and banks and other financial institutions, and in targeted attacks on high-ranking politicians, diplomats and employees of victim organizations.
Depending on the target operating system, subscription period and feature set, rootkits offered for sale cost anywhere from $45,000 to $100,000.