DefenseArk #ThreatIntelThursday | Rootkits

Sarah King
OpenAVN
Aug 12, 2021 · 3 min read
Week 32: Rootkits

This article is part of #ThreatIntelThursday @OpenAVN, an ongoing series that offers readers authoritative, but easily digestible, information about different kinds of malware, how readers might be vulnerable to them, and what they can do to protect themselves. To read past Threat Intel Thursday articles, click here. (We suggest starting from Week 1: Malware.)

Background

The term “rootkit” is, as you might have guessed, a combination of two words: root and kit. On Linux and Unix systems, root is the superuser account, the one with unrestricted privileges over the machine. Kit refers to the set of software tools that give the attacker that access and keep it hidden.

A rootkit is software designed to give an attacker continued, privileged access to a computer, the level of access normally reserved for the administrator, while hiding its own presence. Because it is built to conceal itself, a rootkit can sit on an otherwise legitimate machine without the user knowing it is there.

Rootkits are most commonly found as a component of other malware, typically delivered by trojans, viruses, and worms. The rootkit’s job is to conceal that malware and its activity from the computer’s users and from the system’s own processes and security tools.

What can a rootkit do?

Because a rootkit runs with administrative privileges (and, for kernel-mode rootkits, inside the operating system kernel itself), it lets an attacker gain and keep control over a computer without the user being aware of it. Once the rootkit is installed, the attacker controlling it can remotely access the computer and make changes to its files and system configuration. They can also spy on the computer’s legitimate owner, tracking their activity on the machine. All of this happens without the owner being any the wiser, and there is a practical consequence: since the rootkit can tamper with the very tools an administrator would use to look for it (process listings, file listings, even the antivirus scanner), a machine suspected of hosting one should be examined from outside it, for example by booting from clean media or inspecting the disk from another system.
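As an added example, not code from this article or from OpenAVN: the C program below shows the classic user-mode hiding trick in miniature. A readdir() hook of the kind a rootkit loads with LD_PRELOAD filters its own files out of every directory listing, and next to it sits a cross-view check that detects the hiding by comparing what the hooked call reports with what the unhooked library call reports. The hidden-name prefix rk_, the temporary directory under /tmp and the three sample files are constructed for the demo and are assumptions of this example.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed for this demo: the rootkit hides any entry whose name starts here. */
#define HIDE_PREFIX "rk_"

/* The hook a user-mode rootkit would export under the name readdir via
 * LD_PRELOAD. It forwards to the real readdir() and silently skips entries it
 * wants concealed, so ls, find and backup tools never see them. Kept as a
 * plain function here so the file stays self-contained and buildable. */
struct dirent *hooked_readdir(DIR *dirp) {
    struct dirent *e;
    while ((e = readdir(dirp)) != NULL) {
        if (strncmp(e->d_name, HIDE_PREFIX, strlen(HIDE_PREFIX)) == 0)
            continue;               /* conceal the rootkit's own files */
        return e;
    }
    return NULL;
}

/* Count entries in path (excluding . and ..) through a chosen readdir. */
static int count_entries(const char *path, struct dirent *(*rd)(DIR *)) {
    DIR *d = opendir(path);
    if (!d) return -1;
    int n = 0;
    struct dirent *e;
    while ((e = rd(d)) != NULL)
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0) n++;
    closedir(d);
    return n;
}

/* Cross-view check: the hooked view versus the unhooked library call. A
 * positive result means entries are being hidden from the hooked caller.
 * Against a kernel-mode rootkit both user-space views can be lies, so a real
 * check takes its trusted view from a lower layer, such as the disk image
 * read offline from clean media. */
int hidden_entry_count(const char *path) {
    int real = count_entries(path, readdir);
    int seen = count_entries(path, hooked_readdir);
    return (real < 0 || seen < 0) ? -1 : real - seen;
}

/* Constructed sample: two ordinary files plus one file the rootkit hides. */
static const char *sample_names[] = { "notes.txt", "report.pdf", HIDE_PREFIX "backdoor" };

static int make_sample_dir(char *buf, size_t len) {
    char tmpl[] = "/tmp/rkdemoXXXXXX";
    if (!mkdtemp(tmpl)) return -1;
    snprintf(buf, len, "%s", tmpl);
    for (size_t i = 0; i < 3; i++) {
        char p[512];
        snprintf(p, sizeof p, "%s/%s", tmpl, sample_names[i]);
        int fd = open(p, O_CREAT | O_WRONLY, 0600);
        if (fd < 0) return -1;
        close(fd);
    }
    return 0;
}

static void remove_sample_dir(const char *dir) {
    for (size_t i = 0; i < 3; i++) {
        char p[512];
        snprintf(p, sizeof p, "%s/%s", dir, sample_names[i]);
        unlink(p);
    }
    rmdir(dir);
}

/* Entries the hooked (rootkit) view reports for the sample directory. */
int demo_visible_count(void) {
    char dir[256];
    if (make_sample_dir(dir, sizeof dir) != 0) return -1;
    int n = count_entries(dir, hooked_readdir);
    remove_sample_dir(dir);
    return n;
}

/* Entries the cross-view check flags as hidden in the sample directory. */
int demo_hidden_count(void) {
    char dir[256];
    if (make_sample_dir(dir, sizeof dir) != 0) return -1;
    int n = hidden_entry_count(dir);
    remove_sample_dir(dir);
    return n;
}

int main(void) {
    printf("visible through the hooked readdir: %d\n", demo_visible_count());
    printf("hidden entries found by cross-view diff: %d\n", demo_hidden_count());
    return 0;
}
```

In a real deployment the hook is compiled into a shared object and injected with LD_PRELOAD (or the equivalent inline patch of the system's readdir), which is why a user-mode rootkit can fool every program that lists files through libc. The cross-view idea is what rootkit scanners rely on: gather the same inventory through two independent paths and treat any disagreement as evidence of hiding.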

Once a rootkit is installed, it can wreak all kinds of havoc, both on your system and on others. Malware that has installed a rootkit on your system can hide a keylogger, or use your computer in a denial-of-service attack on another system, turning your machine into a zombie for an attacker’s nefarious purposes.

To defend your system from rootkits and other malware that may be lurking undetected on it, a lightweight but heavy-duty Endpoint Protection Platform (EPP) is essential. BrightScan is a cloud-based, blockchain-powered endpoint protection platform that can be customized to fit your needs: it is user-friendly enough for the home office and powerful enough to protect large enterprises.

Contact our Head of Sales, Jourdan Parkinson, to schedule a free demo of our cloud-based EPP BrightScan, our internet firewall Torus, or just to chat about how our products can work for you.

For more of the latest in cybersecurity, subscribe to DefenseArk’s blog right here on Medium. In addition to Threat-Intel Thursdays, we also write about breaking news, thought leadership, and deep-dives into cyber intel.
