In a new report, Positive Technologies analyzes this past decade’s most infamous families of rootkits – programs that hide the presence of malicious software or traces of intrusion in victim systems. The study finds that the majority of rootkits are used by APT groups or financially motivated criminals whose payouts exceed the costs, that the most commonly targeted organizations are government and research institutes, and that 77% of rootkits are used by cybercriminals for espionage purposes.

Rootkits are not the most common type of malware. Rootkit detections tend to be associated with high-profile attacks that have high-impact consequences; often these tools form part of multifunctional malware that intercepts network traffic, spies on users, steals login credentials, or hijacks resources to carry out DDoS attacks. The most famous application of a rootkit in an attack was the Stuxnet campaign, which targeted Iran’s nuclear program.

Cybercriminals mostly use rootkits to attack government agencies

Positive Technologies carried out a large-scale study of rootkits used by hacker groups over the past decade, starting in 2011. The results show that in 44% of cases, cybercriminals used rootkits to attack government agencies. Slightly less frequently (38%), rootkits were used to attack research institutes. Experts link the choice of targets to the main motive of rootkit distributors: data harvesting. The information handled by government and research organizations is of great value to cybercriminals. According to the study, the top 5 industries most attacked by rootkits also include telecommunications (25%), manufacturing (19%), and financial institutions (19%). In addition, 56% are used by hackers to attack individuals. These are mainly targeted attacks as part of cyberespionage campaigns against high-ranking officials, diplomats, and employees of victim organizations.

“Rootkits, especially ones that operate in kernel mode, are very difficult to develop, so they are deployed either by sophisticated APT groups that have the skills to develop these tools, or by groups with the financial means to buy rootkits on the gray market,” explains Yana Yurakova, a security analyst at Positive Technologies.