Rootkits: Expensive to build, cheap to rent


Positive Technologies analysts found ready-made malware for any budget, as well as the option to have a custom-built rootkit made, on Dark Web forums.


Image: Hanna Ferentc, Getty Images/iStockphoto

Rootkits are expensive and complex to build but worth the investment for cybercriminals looking to harvest data, according to a new report. Positive Technologies studied rootkits used by hacker groups over the past 10 years. The most common use case was data harvesting from government agencies and research institutes.

Cybercriminals also use rootkits to target individuals as part of cyberespionage campaigns against high-ranking officials, diplomats and employees of victim organizations.

The research found that the top five industries most attacked by rootkits are:

  • Government agencies: 44%
  • Research institutes: 38%
  • Telecommunications: 25%
  • Manufacturing: 19%
  • Financial institutions: 19%

Yana Yurakova, a security analyst at Positive Technologies, said in a press release that criminal groups that use rootkits can be either financially motivated criminals looking to steal large sums of money, or groups mining information and damaging the victim's infrastructure on behalf of a paymaster.

"Rootkits, especially ones that operate in kernel mode, are very hard to develop, so they are deployed either by sophisticated APT groups that have the skills to develop these tools, or by groups with the financial means to buy rootkits on the grey market," Yurakova said.


Alexey Vishnyakov, head of malware detection at the Positive Technologies Expert Security Center, said in a press release that cybercriminals are always coming up with new techniques for bypassing security.

"A new version of Windows appears, and malware developers immediately create rootkits for it," he said.

The report notes that the relatively new Moriya rootkit already provides mechanisms for bypassing the security tools built into the OS, such as mandatory driver signature checking and the PatchGuard module.

Vishnyakov said Positive Technologies expects well-organized APT groups to keep using rootkits.

"This means it's no longer just about compromising data and extracting financial gain, but about concealing complex targeted attacks that can entail unacceptable consequences for organizations — from disabling critical infrastructure, such as nuclear power stations, thermal power plants and power grids, to anthropogenic accidents and disasters at industrial enterprises," he said.

The report also notes that rootkits started as kernel-mode malware, but that approach has changed over time. Malware developers have shifted their focus to user-mode rootkits, which are easier to build and require less precision and knowledge. The report authors note:

"...there is no point over-complicating an attack if there is confidence that the defense system is ineffective. If a point of entry to the company is found, and reconnaissance has shown that the perimeter is weakly protected and there are significant flaws in the security system, it is irrational and excessive to use a kernel-level rootkit, which requires a lot of effort to develop and which can lead to complications."

Expensive to build, inexpensive to rent

As part of the report, Positive Technologies analysts reviewed 10 of the most popular Russian-language and English-language forums on the Dark Web. They looked for ads selling custom rootkits as well as want ads for hiring malware developers. Windows was the most common target, with 67% of purchase announcements looking for a rootkit for that OS.

The report also looked at the cost of building and renting rootkits. A complete custom rootkit ranges from $45,000 to $100,000, but criminals can rent a kit for a month for as little as $200. Most rental fees were between $500 and $5,000, according to the analysis by Positive Technologies.

The report authors wrote that bad actors can "find both ready-made variants of malware 'for any budget,' as well as developers who will add the code to the target driver, or create a new project…"
