Rootkit detections in SA up by 74% so far in 2023

Date: 2023-06-20

Kaspersky reports that the number of rootkit detections targeting businesses in South Africa grew by 74% in the first five months of 2023. In Kenya, the figure is 52% and in Nigeria 139%.

A rootkit is malicious software, or a collection of software programs, used by cybercriminals to snoop on a computer or network and gain administrator-level control. One of the most common methods used by cybercriminals to install rootkits is to compromise the supply chain of a specific victim.

What sets a rootkit apart is its considerable stealth, which cybercriminals use to conceal their presence and bypass security controls while carrying out their malicious activity. Rootkit detections are often difficult to investigate and analyse.

Its highly evasive design enables cybercriminals to steal personal data, access financial information, install malware, or use computers as part of a botnet to circulate spam or launch DDoS attacks. A rootkit can remain on a computer for a very long time, causing significant damage.

“APT groups are the trendsetters of the cyberthreat landscape,” says Abdessabour Arous, security researcher in the Global Research and Analysis Team at Kaspersky. “They consider ‘stealth’ to be key for successful exploitative tactics because you cannot protect yourself from something you cannot see.

“A rootkit perfectly fits the type of technique they would use. As reported previously, some of the APT groups had started leveraging rootkits in their activities. This trend caught the attention of other APT groups, cybercriminals and hacker communities, creating a domino effect and resulting in an increased use of rootkits.

“More so, since a rootkit can be installed on any hardware or software platform, it is becoming far more dangerous as IoT and cloud-based technologies create a well-connected and integrated environment,” he adds.