Rootkits are the tool of choice to attack governments around the world

An abstract image of digital security.
(Image credit: Shutterstock)

Analyzing rootkits used in attacks over the past decade, cybersecurity researchers have discovered that close to half (44%) have been used to power campaigns that have focused on compromising government systems. 

Moreover, examining the evolution of rootkits in cyberattacks, the study from Positive Technologies notes that irrespective of the target 77% of rootkits are used by cyber-criminals for espionage purposes. 

The researchers describe rootkits as sophisticated programs that hide the presence of other malicious software or traces of intrusion in victim systems, and aren’t the most common type of malware.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

After governments, next in their firing line are research institutes (38%), followed by large-scale businesses involved in telecommunications (25%), manufacturing (19%), and financial institutions (19%). 

Payment exceeds costs

Arguing that rootkits difficult and costly to create, Yana Yurakova, a security analyst at Positive Technologies says they are deployed either by sophisticated advanced persistent threat (APT) groups that have the skills to develop these tools, or by groups with the financial means to buy rootkits on the gray market.

“Attackers of this caliber are mainly focused on cyber-espionage and data harvesting. They can be either financially motivated criminals looking to steal large sums of money, or groups mining information and damaging the victim's infrastructure on behalf of a paymaster," asserts Yurakova.

According to their research, the cost of an off-the-shelf rootkit varies between $45,000 and $100,000, depending on various factors, such as the target operating system.

In 77% of cases, the examined rootkit families were used to harvest data, around a third (31%) were motivated by financial gain, and just 15% of attacks sought to exploit the victim company's infrastructure to carry out subsequent attacks. 

In every case, the researchers find that the payouts from the attacks exceeded the costs, concluding that rootkits are “here to stay.”

Protect yourself against rootkits by securing your computers with these best endpoint protection tools.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.