Report: Government Agencies Primary Target of Rootkit Attacks


A new study from Positive Technologies has found that government agencies are the target of nearly half (44%) of all rootkit-based attacks.

The report explores the world of these rootkits – the programs that hide the presence of malware or traces of intrusion into victims’ systems – and finds that they are mainly used by sophisticated cybercriminals. Although rootkits are expensive and difficult to create, they are here to stay. And since most rootkits are used by Advanced Persistent Threat (APT) groups, the targets are generally very specific: more than half (56%) are used to attack particular individuals, such as senior officials and diplomats. The objectives follow the same pattern. In 77% of cases, rootkits are used to harvest data for espionage purposes, about a third (31%) are motivated by financial gain, and only 15% seek to exploit the infrastructure to carry out subsequent attacks.

Rootkits provide significant benefits to cybercriminals, such as privileged code execution and the ability to hide from security tools and stay inside victims’ systems for long periods of time. They also help criminals cover up multi-layered and targeted attacks.

The development of rootkits is actually a complex process, usually beyond the reach of the amateur or novice hacker. However, they are available for sale on the dark web in several price ranges. For example, at the bottom of the scale, some rootkits come with time limits – they can expire in a month. In addition, the resources available go beyond specific software packages; there are developers who can add code to a target driver, customize each package to meet specific needs, or even build a project from scratch.

While the average cost is $2,800, full, out-of-the-box rootkits range from $45,000 to $100,000, depending on the mode of operation, target operating system, conditions of use and additional features (with remote access and hiding of files, processes and network activity being the most requested). Researchers at Positive Technologies believe that rootkits will continue to be developed and used by cybercriminals. In fact, they have already identified the emergence of new variants.

As with many variations of sophisticated attacks, there is no simple defense. To detect a rootkit, organizations should check system integrity, scan network traffic for anomalies, use a rootkit scanner and tools to detect malware and endpoint activity, and use sandbox solutions for discovery both at the installation stage and during operation.

Researchers at Positive Technologies analyzed the 16 best-known rootkit families discovered over the past 10 years to find out how and where these malware variants cause their damage.

Read the full report from Positive Technologies.


VentureBeat’s mission is to be a digital public place for technical decision-makers to learn about transformative technology and conduct transactions.