The industrialization of hacking has introduced a wave of increasingly sophisticated threats, coming from more effective and efficient actors who profit from attacks on IT infrastructure. If you think about it, just 10 years ago we were focused on less sophisticated attacks such as Blaster and Slammer. Over time, we have moved from stopping the simple viruses and macro viruses of the 1990s to worms, spyware and rootkits, along with advanced persistent threats (APTs) and crimeware.
In this video we examine rootkits: sets of software components used to maintain a persistent and undetectable presence on a computer. Despite their reputation, not all rootkits are inherently malicious; some are designed to mask cheating in video games or to bypass software product activations.
That said, most rootkits today are indeed bundled with malware such as keyloggers, or they take control of the system and turn it into a zombie member of a botnet that launches other attacks. Rootkits are classified by the level of the system at which they operate, from firmware rootkits up to userland rootkits. How difficult a rootkit is to detect depends on its sophistication and its classification.
Watch the video below to learn more about how rootkits operate.