Rootkit Attack Detections Increase at UAE Businesses
Detections of rootkit attacks against businesses in the United Arab Emirates are up 167% in 2023, with an increased view of their use in the Middle East overall.
Coverage examines rootkits, malware designed to hide persistent access, including incident analysis, infrastructure, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
A rootkit is malware or a set of tools designed to hide malicious code, files, processes, accounts, or system activity, often by operating with privileged access. Rootkits may reside in user space, the kernel, boot components, or firmware; their location affects what security tools can see, how persistent they are, and how recovery must be performed. Not every privileged malware component is a rootkit, and capabilities vary.
Rootkits matter because they can cause host-based tools to report an incomplete system state, complicating detection and evidence collection. Useful defenses include least privilege, prompt patching of vulnerable drivers and boot components, Secure Boot and signed code where supported, and monitoring for unexpected kernel, boot, or firmware changes. If compromise is suspected, validate the system from trusted offline media and preserve evidence before remediation. Recovery may require rebuilding the system and, for lower-level compromise, checking or re-flashing firmware through documented platform procedures.
Detections of rootkit attacks against businesses in the United Arab Emirates are up 167% in 2023, with an increased view of their use in the Middle East overall.