Analyzing rootkits used in attacks over the past decade, cybersecurity researchers have discovered that close to half (44%) have been used to power campaigns that have focused on compromising government systems.
Moreover, examining the evolution of rootkits in cyberattacks, the study from Positive Technologies notes that, irrespective of the target, 77% of rootkits are used by cyber-criminals for espionage purposes.
The researchers describe rootkits as sophisticated programs that hide the presence of other malicious software, or traces of an intrusion, on victim systems, and note that they are not the most common type of malware.
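The concealment the researchers describe, and the standard way to check for it, as an added illustration that is not part of the Positive Technologies study: a cross-view diff compares a process listing (the path a hooked readdir() or ps controls) against an independent per-PID probe, and reports the entries that answer the probe but are absent from the listing. The sample process table and the hooked listing below are constructed for the simulation; `find_hidden_linux` applies the same check on a live Linux host and assumes `/proc` is mounted.

```python
import os
import sys

# Constructed sample process table (PID -> name) for the offline simulation;
# it is not data from any real host or from the Positive Technologies report.
SAMPLE_PROCESSES = {1: "systemd", 417: "sshd", 902: "cron", 1337: "rk_backdoor", 2048: "bash"}


def hooked_listing(process_table, hidden_names):
    """View 1: what a hooked readdir()/ps returns.

    Models a rootkit that filters its own processes out of the listing,
    which is the common way both userland and kernel rootkits stay hidden.
    """
    return {pid: name for pid, name in process_table.items() if name not in hidden_names}


def probe_view(process_table, max_pid=4096):
    """View 2: ask about every PID individually instead of trusting the listing.

    A hook on the directory listing never sees a per-PID probe such as
    kill(pid, 0), so the two views disagree exactly on the hidden entries.
    Simulated here against the sample table.
    """
    return {pid for pid in range(1, max_pid) if pid in process_table}


def cross_view_diff(listed_pids, probed_pids):
    """PIDs that answer a direct probe but are absent from the listing."""
    return sorted(set(probed_pids) - set(listed_pids))


def find_hidden_simulated(process_table, hidden_names, max_pid=4096):
    """Run the cross-view check against the simulated hooked host."""
    listed = hooked_listing(process_table, hidden_names)
    probed = probe_view(process_table, max_pid)
    return cross_view_diff(listed.keys(), probed)


def _is_thread_group_leader(pid):
    """True if /proc/<pid>/status says Tgid == Pid (a process, not a thread).

    Non-leader threads answer kill(tid, 0) and resolve under /proc/<tid> but
    are never listed by readdir('/proc'), so without this filter every
    thread on the box would be reported as hidden. An unreadable status
    file is treated as a hit, because a rootkit may hide the /proc entry too.
    """
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        return True
    return True


def find_hidden_linux(max_pid=None):
    """Same check on a live Linux host (assumes /proc is mounted; [] elsewhere).

    View 1: os.listdir('/proc')  -> the path a getdents()-hooking rootkit controls.
    View 2: os.kill(pid, 0)      -> a different syscall; PermissionError means the
                                     PID exists but belongs to another user.
    """
    if not sys.platform.startswith("linux"):
        return []
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    listed = {int(name) for name in os.listdir("/proc") if name.isdigit()}
    probed = set()
    for pid in range(1, max_pid):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        probed.add(pid)
    return [pid for pid in cross_view_diff(listed, probed) if _is_thread_group_leader(pid)]


if __name__ == "__main__":
    print("simulated hidden PIDs:", find_hidden_simulated(SAMPLE_PROCESSES, {"rk_backdoor"}))
    print("live host hidden PIDs:", find_hidden_linux())
```

Two caveats a practitioner would want: a process that starts between the listing and the probe shows up as a transient hit, so repeat the sweep and keep only PIDs reported every time; and a kernel rootkit that hooks both code paths (or unlinks its task from the kernel's own lists) defeats any in-band check, which is why the authoritative view comes from outside the running system, such as a memory image, hypervisor introspection, or a scan after booting from trusted media.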
After governments, next in the firing line are research institutes (38%), followed by large telecommunications businesses (25%), manufacturing (19%), and financial institutions (19%).
Payment exceeds costs
Arguing that rootkits are difficult and costly to create, Yana Yurakova, a security analyst at Positive Technologies, says they are deployed either by sophisticated advanced persistent threat (APT) groups that have the skills to develop these tools, or by groups with the financial means to buy rootkits on the gray market.
“Attackers of this caliber are mainly focused on cyber-espionage and data harvesting. They can be either financially motivated criminals looking to steal large sums of money, or groups mining information and damaging the victim’s infrastructure on behalf of a paymaster,” asserts Yurakova.
According to their research, the cost of an off-the-shelf rootkit varies between $45,000 and $100,000, depending on various factors, such as the target operating system.
In 77% of cases, the examined rootkit families were used to harvest data; around a third (31%) of the attacks were motivated by financial gain, and just 15% sought to exploit the victim company's infrastructure to carry out subsequent attacks.
In every case, the researchers find that the payouts from the attacks exceeded the costs, concluding that rootkits are “here to stay.”