As reported by Kaspersky experts, the number of Rootkit detections targeting businesses in Nigeria grew by 139% in the first five months of 2023. In South Africa, the figure is 74% and in Kenya 52%.
Rootkit is a malicious software or a collection of software programs used by cybercriminals to snoop into a computer or network and gain administrator-level control.
One of the most common methods used by cybercriminals to install rootkits is to compromise the supply chain of a specific victim.
The uniqueness of a rootkit lies in its considerable amount of stealth, which cybercriminals aptly use to conceal their presence while carrying out their malicious activity and bypass security controls. Often, rootkit detections are difficult to investigate and analyse.
It’s highly-evasive design enables cybercriminals to steal personal data, access financial information, install malware, use computers as part of a botnet to circulate spam or launch DDoS attacks. A rootkit malware can remain on a computer for a very long time, causing significant damage.
“APT groups are the trendsetters of the cyberthreat landscape. They consider “stealth” to be key for successful exploitative tactics because you cannot protect yourself from something you cannot see. A rootkit perfectly fits the type of technique they would use. As reported previously, some of the APT groups had started leveraging rootkits in their activities.
This trend caught the attention of other APT groups, cybercriminals and hacker communities, creating a domino effect and resulting in an increased use of rootkits. More so, since a rootkit can be installed on any hardware or software platforms, it is becoming far more dangerous as IoT and Cloud based technologies create a well-connected and integrated environment,” said Abdessabour Arous, Security Researcher, Global Research and Analysis Team at Kaspersky.
To protect governments and organisations against a rootkit, Kaspersky researchers recommend:
- Restrict access and establish strict security protocols for the use of admin privileges.
- Use the latest version of operating systems that can mitigate rootkit deployment.
- Ensure all security features of your operating systems are activated.
- Update your Unified Extensible Firmware Interface (UEFI) firmware regularly. Use software from trusted vendors only.
- Ensure you use robust cybersecurity solutions that can eliminate risks from your IT supply chain as third-party attacks are gaining momentum.
- Leverage services like the Kaspersky Threat Intelligence to leverage real-time insights on cyberthreat tactics, techniques, tools and methods.
- Having an Incident Response process and Security Monitoring capabilities in place is also helpful.