Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

Detections of rootkit attacks against businesses in the United Arab Emirates are up 167% in 2023, with an increased view of their use in the Middle East overall.

A hooded attacker sitting at a laptop in front of a UAE flag
Source: 3D generator via Alamy Stock Photo

Detections of attack attempts using rootkits against business targets in the United Arab Emirates (UAE) have significantly increased in 2023, with 2.6 times more of these types of attacks so far this year in comparison to the same time period in 2022.

According to research by Kaspersky, the number of rootkit detections grew by 167% in the first five months of 2023. In the Middle East region overall, the increase in detections was measured at 103%.

Abdessabour Arous, security researcher in the Global Research and Analysis Team at Kaspersky, said some nation-state groups have started to leverage rootkits in their activities, and other groups have followed, as a rootkit can be installed on any hardware or software platforms.

More Activity Than in Previous Years?

James Maude, lead security researcher at BeyondTrust says rootkit activity has generally been drowned out by the tidal wave of ransomware threats in recent years. "While we have continued to see some examples, they have become less common in the wild and tend to be used by more niche cybercriminal groups or by nation states conducting espionage activities," he says.

But even if they don't get the same press, they've remained popular because they're used to getting quietly into a machine. "I would say a rootkit is a is a very nice way to stay in a machine with a very small payload and maybe it stays like that for months and months," Vibin Shaju, general manager for UAE at Trellix, says.

Shaju also notes that when an attacker gains entry with a rootkit, they have full rights and can do whatever they wish while maintaining persistence, including launching a ransomware attack, downloading a keystroke monitor, or maybe just sitting on the machine and collecting information for however long you can. "So, it is all about getting the base and getting that in place, and a rootkit is a perfect way to hide," he says.

An Attackers' Collection of Tools?

Described as often appearing as though it's a single piece of software, rootkits are in reality made up of a collection of tools that allow hackers administrator-level control over the target device. Rootkits have been known to be used in targeted attacks in the past and capabilities to better disguise their actions are always in development.

Maude says that while it is generally getting harder to create and install rootkits as operating system security architectures evolve to include hypervisor and hardware level isolation, "there are still some loopholes and common mistakes that attackers are able to exploit: most commonly, giving users local admin privileges, and failing to patch systems, provides an attacker with a path to elevate their access and install rootkits which then can cause complete system compromise."

About the Author(s)

Dan Raywood, Senior Editor, Dark Reading

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights