Rootkits and Below-the-Kernal Attacks Increase

27 December, 2012

Security researchers increasingly reference the potential for attacks that occur “below the kernel” or target new area of the “operating stack.” But does that impact the computer security at the average business today and what do you need to know about this growing threat?

The evolution of computer security software and other defenses on endpoints is driving threats into different areas of the operating system, to levels that previously haven’t been targeted by malware and aren’t necessarily protected by standard antivirus software. These attacks often have a covert and persistent nature. Rootkits are one example of a stealth threat that embeds itself outside of the OS in an attempt to evade security solutions. The problem is growing. McAfee Labs has seen more than 2 million unique rootkits, and more than a 1,000 are detected daily.

McAfee Labs predicts an increase in such attacks, and has already seen the frequency of threats attacking Microsoft Windows below the kernel increase. Some of the critical assets targeted include the BIOS, master boot record (MBR), volume boot record (VBR), GUID PartitionTable (GPT), and NTLoader.

Although the volume of these threats is unlikely to approach that of simpler attacks on Windows and applications, the impact of these complex attacks can be far more devastating. McAfee Labs predicts there will be more threats in this area during 2013.