A new study from Positive Technologies found that government agencies are the targets in nearly half (44%) of all rootkit-based attacks.

The report explores the world of these rootkits — the programs that hide the presence of malicious software or traces of intrusion in victim systems — and finds they’re used primarily by sophisticated cybercriminals. While rootkits are costly and difficult to create, they’re here to stay. And since most rootkits are used by advanced persistent threat (APT) groups, the targets are typically very specific: More than half (56%) are used to attack particular individuals, such as high-ranking officials and diplomats. The goals are similarly focused. In 77% of cases, rootkits are used to harvest data for espionage, around a third (31%) are motivated by financial gain, and only 15% seek to exploit infrastructure to carry out subsequent attacks.

Rootkits offer significant advantages to cybercriminals, such as executing code in privileged mode and being able to hide from security tools and remain inside victim systems for long periods of time. They also help criminals conceal multilayered and targeted attacks.

Rootkit development is a complex process, typically beyond the reach of the amateur or rookie hacker. However, rootkits are available for sale on the dark web in multiple price ranges. For example, at the low end, some rootkits come with time limits — they might expire in a month. The resources on offer also go beyond specific software packages: there are developers who will add code to a target driver, customize each package to meet specific needs, or even create a project from scratch.

While the average cost is $2,800, complete and off-the-shelf rootkits range from $45,000 to $100,000, depending on the operating mode, target operating system, terms of use, and additional features (with remote access and concealment of files, processes, and network activity being the most commonly requested). Positive Technologies researchers believe rootkits will continue to be developed and used by cybercriminals — in fact, they’ve already identified the emergence of new variants.

As with many sophisticated attack variants, there’s no simple defense. To detect a rootkit, organizations should check the integrity of the system, analyze network traffic for anomalies, use a rootkit scanner and tools for detecting malicious software and activity on end nodes, and use sandbox solutions for detection at both the installation stage and during operation.
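The first measure in that list, checking system integrity, is the one a defender can script directly: record a baseline of hashes, sizes and permissions for the files that should not change, then compare a fresh scan against it and report anything modified, added or missing. The following is an added illustration written for this article, not code from Positive Technologies or from the report; the directory tree, file names and "tampering" it applies are constructed in a temporary directory purely to exercise the comparison.

```python
"""Added example (not from the report): a minimal file-integrity baseline check.

build_baseline() walks a directory and records (sha256, size, mode) per regular
file; compare() diffs two baselines. demo() constructs a fake system tree in a
temporary directory, baselines it, simulates post-infection changes, and returns
the findings. All paths and contents are made up for the demonstration.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> (sha256, size, permission bits) for every regular file."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            # Symlinks are skipped: their target may live outside the scanned tree.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.stat(full)
            baseline[rel] = (sha256_of(full), st.st_size, st.st_mode & 0o7777)
    return baseline


def compare(baseline, current):
    """Diff two baselines; returns sorted lists of modified, added and missing paths."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "missing": missing}


def demo():
    """Constructed scenario: baseline a fake tree, alter it, and report the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sbin"))
        os.makedirs(os.path.join(root, "lib"))
        originals = {
            "sbin/init": b"init-v1",        # constructed placeholder contents
            "sbin/ls": b"ls-v1",
            "lib/libc.so": b"libc-v1",
        }
        for rel, data in originals.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(data)
        baseline = build_baseline(root)

        # Simulated changes an integrity check should surface:
        # a replaced system binary, a new unexpected module, and a deleted file.
        with open(os.path.join(root, "sbin", "ls"), "wb") as f:
            f.write(b"ls-v2-replaced")
        with open(os.path.join(root, "lib", "unknown.ko"), "wb") as f:
            f.write(b"module")
        os.remove(os.path.join(root, "sbin", "init"))

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

The check is only as trustworthy as the environment it runs in: a kernel-mode rootkit that filters file reads can feed the scanner the original bytes while the on-disk copy differs, so the baseline should be stored off-host and the comparison scan should be run from a trusted boot medium or against a disk image taken offline.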

Positive Technologies researchers analyzed the 16 best-known rootkit families discovered over the past 10 years to uncover how and where these malware variants do their damage.

Read the full report by Positive Technologies.


VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member