Today we Internet users are faced with various types of malware. In this regard, we must be attentive to viruses, computer worms, Trojans, Phishing attacks and ransomware, among others. The best way to defend ourselves against them is to act with common sense, have our equipment updated and have an antivirus on our equipment. Another dangerous element that has been present among us since the 80s are rootkits, which are pieces of software that hide deep in our system so that cybercriminals can later access. In this article we are going to talk about the evolution of rootkits and what we can expect from them in the future.
What is a rootkit and how is it used
A rootkit We can define it as a set of software that allows privileged access to a computer and that also keeps its presence hidden from administrators. Cybercriminals typically install rookits on a computer after having obtained write permission anywhere in the filesystem hierarchy. It then takes advantage of a known vulnerability or of having obtained a password in order to install it.
The rootkits they are commonly used to hide some applications that could act on the attacked system. They also usually include backdoors or back doors to help the cybercriminal easily gain access to the system. It should also be noted that it can affect a wide variety of operating systems such as Microsoft Windows, Linux and MacOS so that hackers can then remotely send commands or extract confidential information.
The Positive Technologies study on rootkits
A new study by Positive Technologies has analyzed how rootkits have evolved in recent years and the danger they represent. This is an in-depth study of rootkits used by cybercriminal groups during the last decade, that is, since 2011. In the 44% of the cases, hackers they use rootkits to attack government agencies. On the other hand, with a slightly lower percentage of 38% the rootkit was used to attack research institutes. Regarding the choice of objectives, experts believe that the rootkit distributors’ primary purpose is data collection.
According to this study, the industries and users most attacked by this harmful software would be:
- Attacking specific people with 56%. In this case, the attacks directed as part of cyber espionage campaigns mainly affected high-ranking officials, diplomats and employees of victims’ organizations.
- Telecommunications with 25%.
- Manufacturing with 19%.
- Financial institutions 19%.
According to Yana Yurakova, a security analyst at Positive Technologies, rootkits that are capable of operating in kernel1 mode are very difficult to develop. These are developed by highly sophisticated APT-centric groups or by groups with the financial means to buy rootkits on the black market. On the other hand, these hackers who make use of rootkits mainly focus on cyber espionage and data collection. Fundamentally they act to:
- Steal large sums of money.
- They extract information.
- Damaging the victim’s infrastructure on behalf of a payer.
You may be interested in knowing how to avoid the threat of a rootkit.
Evolution for the future
The Positive Technologies study adds that 77% of the cases of rootkits under investigation were used to collect data. On the other hand, the 31% They were motivated by financial gain, and then with a fifteen% were the attacks to exploit the infrastructure of the victim company and then carry out attacks afterwards.
As for the price of a rootkit on the dark web, it varies between € 45,000 to € 100,000 depending on the operating mode, operating system and rental time. Finally, looking ahead, researchers believe that cybercriminals will continue to develop and use rootkits. In this regard, Positive Technologies specialists have identified new versions of rootkits, which indicates that cybercriminals are implementing new techniques to bypass protection.