Rootkits are at the heart of the hacker's illegal work, but many are unfamiliar with the term. Below, we take an in-depth look at what rootkits are and how you can keep an eye on the malicious activity in your devices and operating systems.
What are rootkits?
Cyber threats might not be the first thing that comes to mind when you hear the word rootkit. But it's at the heart of what hackers do in cybercrime.
Rootkit is a contraction of "root" and "kit". "Root" refers to the administrator account (the "admin"), and "kit" refers to a set of software tools. A rootkit is therefore a set of tools that gives someone the role of an administrator - or, as they are also called in the cyber world, a privileged user - on websites and systems.
This is one of the reasons why rootkits are so dangerous: malicious actors can gain the role of a privileged user and thereby access to multiple systems and data. Privileged users are usually IT managers, because they need to be able to reach every function that employees can reach - if there is a problem, IT needs to be able to fix it. This makes them an attractive target for hackers, who can reach far more via the IT manager's profile than via an employee in, for example, the sales department. If the hacker targets a person from sales, they will only have access to a limited amount of data compared to what IT has access to.
Another thing that makes rootkits dangerous is that the hacker's activity on the infected device is hidden from you. If a hacker manages to get a rootkit onto your device, they can control the device from a remote location. Typically, rootkits reach the victim's devices through phishing: the hacker sends an email with a malicious link, the victim clicks on it, and the rootkit is installed on the device.
Rootkits can be used to:
- monitor activities
- steal sensitive data
- delete or disable antivirus programs
- install malware
You might think that rootkits are viruses that get installed on devices, but a rootkit is actually a type of malware. Strictly speaking, viruses are also malware, but only one type of it - rootkits have far more functions than ordinary viruses.
The danger of rootkits
As mentioned, rootkits are a more dangerous type of malware. That claim deserves a bit of elaboration.
The first reason why rootkits are something to be cautious of is that they are more insidious than other types of malware. We have already mentioned that they can't be detected immediately, but they can also spread through downloads, phishing emails and the other methods hackers use. One example is a Trojan, which hides malware behind software that looks legitimate and safe.
Rootkits will not attract attention once installed on a device, and you will not experience any major symptoms that the device is infected; they can even evade security programs. Therefore, one of the only ways to make sure you don't have a rootkit on your device is to format the device's drive and reinstall the operating system.
Finally, rootkits' many features are also a threat to our software and devices. Experts call the rootkit a Swiss Army knife because it can do so many different things. Some rootkits can:
- steal login credentials
- disable security protocols
- steal sensitive data
- monitor activities
Other rootkits can force their way into systems and install even more malware on the device. If a hacker possesses the right rootkit, they can install and deploy a bot, expanding their botnet.
There are many different types of rootkits and they are used according to need and purpose:
- Firmware rootkit: This type of rootkit exploits the role of firmware on devices. Firmware is a type of software that provides basic control over the specific hardware it is written for. There is firmware in every device, from tablets and phones to our washing machines and TVs. Because it is such a basic element of technology, detecting a rootkit in firmware is a challenge - it is difficult for security professionals to discover, which makes it an even more attractive form of malware for hackers.
- Memory rootkit: A memory rootkit attaches itself to your computer's RAM, the short-term storage that holds information in active use so it can be accessed quickly and easily. A memory rootkit can slow down your computer's processor because the processor is occupied by the malware. Typically, you can remove a memory rootkit by restarting your computer, since a restart clears the RAM - and with it the rootkit that attached itself there.
- Kernel rootkit: The kernel is the core of your operating system. It is therefore a critical part of your device and getting a rootkit attached to it can do a lot of damage. The rootkit attacks essential functions of your operating system, giving the hacker control over vital elements of your device.
- Bootloader rootkit: A computer's bootloader starts the system when you turn on the device; in other words, it loads the operating system. A rootkit that attaches itself to this step affects the software and operating system before they have finished booting. Bootloader rootkits are not as dangerous as some of the other types, because most devices have built-in protection for the boot process.
- Application rootkit: This is a type of rootkit that modifies existing apps and files on your device. So every time you use the programs, the hacker can keep track of your activities. However, this is one of the most obvious rootkits and is therefore easy to detect as it will often cause programs and files to behave oddly.
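Kernel and application rootkits earn their reputation by hiding processes from the tools you would normally use to look for them. One defender-side check, added here as an example (it is not code from the article or from Moxso, and the technique itself is not named in the text), is a "cross-view" comparison: enumerate running processes through two independent paths and report every PID on which they disagree. The live enumerators assume a Linux host with /proc; the sample PIDs in the constructed views are made up.

```python
"""Cross-view process enumeration on Linux.

A rootkit that hides a process usually tampers with one enumeration path, such
as the /proc directory listing that `ps` and `top` read, while other paths still
see the process.  Comparing two independent views and reporting every PID they
disagree on is the classic "cross-view" detection technique.  `cross_view_diff`
is pure and works on any two sets; the enumerators need Linux's /proc.
"""
import os
import sys
from typing import Optional


def enumerate_proc_listing() -> set:
    """View A: PIDs that appear as numeric directory names under /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def is_thread_id(pid: int) -> bool:
    """True when /proc reports pid as a non-leader thread (Tgid differs from Pid).

    kill(tid, 0) succeeds for thread IDs too, but /proc never lists them, so
    they must be filtered out or every multithreaded program looks "hidden".
    An unreadable status file is NOT treated as a thread: a PID that answers
    the probe but has no /proc entry is exactly what we want to report.
    """
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        return False
    return False


def enumerate_by_probe(max_pid: int) -> set:
    """View B: PIDs that answer a signal-0 probe, independent of directory listings.

    kill(pid, 0) delivers no signal; it only asks the kernel whether the PID
    exists.  PermissionError means it exists but belongs to another user.
    """
    present = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        if not is_thread_id(pid):
            present.add(pid)
    return present


def cross_view_diff(listing_view: set, probe_view: set) -> dict:
    """Return the PIDs on which the two views disagree.

    'hidden_from_listing' is the interesting case: the PID exists (probe
    succeeded) but is missing from the listing.  'listed_but_absent' is
    normally just a process that exited between the two scans.
    """
    return {
        "hidden_from_listing": sorted(probe_view - listing_view),
        "listed_but_absent": sorted(listing_view - probe_view),
    }


def scan_live(max_pid: Optional[int] = None, rounds: int = 3) -> list:
    """Repeat both enumerations; keep only PIDs hidden in every round.

    Short-lived processes starting or exiting between the two views produce
    one-off disagreements; a rootkit-hidden process disagrees every time.
    """
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:   # real kernel tunable
            max_pid = int(fh.read())
    persistent = None
    for _ in range(rounds):
        diff = cross_view_diff(enumerate_proc_listing(), enumerate_by_probe(max_pid))
        hidden = set(diff["hidden_from_listing"])
        persistent = hidden if persistent is None else persistent & hidden
    return sorted(persistent)


if __name__ == "__main__":
    # Constructed sample views: PID 4242 answers the probe but is not listed.
    sample = cross_view_diff({1, 2, 300, 301}, {1, 2, 300, 301, 4242})
    print("constructed sample:", sample)      # hidden_from_listing == [4242]
    if sys.platform.startswith("linux"):
        print("persistently hidden PIDs on this host:", scan_live())
    else:
        print("live scan skipped: needs /proc (Linux)")
```

Run the live scan as root: with the hidepid mount option on /proc, other users' entries are invisible to unprivileged users and would all be reported as hidden. An empty result does not prove a clean host, since a rootkit that hooks both paths consistently defeats this particular pair of views; adding a third, such as reading /proc/<pid>/status for each PID reported by a network-socket table, raises the bar further.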
Dealing with rootkits
You can detect rootkits by noticing, for example, if your
- systems crash
- software fails
- antivirus programs crash
In addition, there are various things you can do to prevent rootkits from infecting your software and devices.
First of all, you can scan your systems for unidentified files, programs and threats. By scanning your devices, you can detect malware that can harm your device and systems.
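Scanning for unidentified files only works if you have a record of what the files looked like before, which is exactly what an application rootkit that patches existing programs relies on you not having. The following is an added example, not code from the article or from Moxso: it hashes every regular file under a directory tree into a baseline, then reports which files were modified, added or removed on a later scan. The directory layout, file contents and the `baseline.json` name in the demo are constructed for illustration.

```python
"""File-integrity baseline for catching modified, added and removed files.

Hash every regular file under a directory tree once, store the result, and
later compare a fresh scan against it.  A rootkit that patches a program or
drops a new file shows up as a difference, which is what "scanning for
unidentified files" needs in order to work: a known-good reference.
"""
import hashlib
import json
import os
import tempfile


def sha256_of_file(path: str) -> str:
    """Stream the file through SHA-256 so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str) -> dict:
    """Map each regular file under root (path relative to root, '/' separators) to its digest."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # deterministic order for readable reports
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue                     # symlinks and special files are not hashed
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_of_file(full)
    return baseline


def compare_baseline(old: dict, new: dict) -> dict:
    """Classify every path as modified (digest changed), added or removed."""
    return {
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }


def save_baseline(baseline: dict, path: str) -> None:
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(path: str) -> dict:
    with open(path) as fh:
        return json.load(fh)


def _write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then patch, drop and delete files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "tree")
        _write(root, "bin/ls", b"original ls program")
        _write(root, "bin/ps", b"original ps program")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        # The baseline lives outside the monitored tree; in practice keep it
        # off-host or on read-only media so a rootkit cannot rewrite it.
        baseline_path = os.path.join(tmp, "baseline.json")
        save_baseline(build_baseline(root), baseline_path)

        _write(root, "bin/ps", b"patched ps program that hides things")   # modified
        _write(root, "bin/.hidden", b"dropped-in payload")                # added
        os.remove(os.path.join(root, "etc", "hosts"))                      # removed

        return compare_baseline(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
    # modified: ["bin/ps"], added: ["bin/.hidden"], removed: ["etc/hosts"]
```

On a real host, build the baseline for directories that should only change through package updates (for example /usr/bin or /usr/lib) right after a clean install, store it somewhere the host cannot write to, and rerun the comparison after each patch cycle; the "modified" list should then contain exactly the files the update touched and nothing else. The comparison assumes the hashing program itself is trustworthy, so run it from known-good media when a compromise is suspected.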
Next, you can be aware of phishing as this is one of the methods hackers use to install malware and rootkits on your device. As always with cybersecurity, good cyber defense starts with employees being trained in cybersecurity. One of the first pieces of advice in awareness training is to avoid clicking on links and files in emails, because you never know if they contain malicious software.
Finally, remember to keep your devices and software updated, as it is through holes in software and operating systems that hackers are able to penetrate. Updates contain patches that close those holes, making it harder for cybercriminals to get through.
Caroline is a copywriter here at Moxso beside her education. She is doing her Master's in English and specializes in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding - these elements are incorporated into the copywriting work she does here at Moxso.