Unfortunately, energy companies are likely targets for malicious actors. This is a short guide to protecting your business from a particularly nasty vector: rootkit threats.
If a rootkit gets installed in the deep layers of your computer's operating system, the attackers gain numerous vectors and tools to do harm.
Rootkits can be traced back to 1983, when Unix creator Ken Thompson first described the concept. Because they are installed at the root (privileged) level of an operating system, they are a severe threat to modern computing devices.
Infamous Rootkit Incidents
There have been several events where hackers used rootkits to cause harm to platforms and computer networks. Stuxnet is probably the most famous: first noticed in 2010, it was used to disrupt Iran's nuclear facilities. The worm managed to wreck about 1,000 of the 6,000 centrifuges Iran was using to enrich uranium.
Other troublesome rootkits include the ZeroAccess botnet, which infected around 9 million computers worldwide and defrauded many individuals and companies. Another is Flame, detected by Kaspersky Lab in 2012, which can covertly record from a computer's microphone and take screenshots without the user's knowledge. This can do very serious damage, both financially and reputationally.
How to Defend Yourself Against Rootkits
To help businesses protect themselves from rootkit attacks, the Information Security Management Handbook, Sixth Edition, Volume 2 by Eugene E. Schultz and Edward Ray offers expert guidance.
Protecting Business Computers and Devices
For protection, Schultz and Ray recommend that businesses utilize the following measures to prevent rootkit infections:
- Use intrusion detection and prevention tools such as rootkit scanners
- Apply vulnerability patches in a timely manner
- Configure systems according to security guidelines and limit the services that can run on them
- Enforce the principle of least privilege for users
- Deploy firewalls that can analyze network traffic at the application layer
- Use strong authentication
- Perform regular security maintenance
- Limit the availability of compilers, which attackers use to build rootkit components on a compromised host
Some of the indicators that a rootkit is inside a system include unexplained changes in system behavior, unexpected files in the root user's home directory, and abnormal network activity.
Users need to be vigilant, and the workforce needs regular reminders about phishing and other risky behavior, such as downloading apps from untrustworthy sources.
1. Use A Comprehensive Cybersecurity Application
Be proactive about securing your platform, apps and devices – install a comprehensive and advanced antivirus solution.
2. Keep Up-To-Date
Regular software updates are essential for staying safe and preventing malicious actors from infecting your computers with malware. Keep your operating system and all programs up to date.
3. Be Alert To Phishing Emails
Phishing is the most prevalent entry vector, where scammers use email to fool users into providing them with their financial information or downloading malicious software, such as rootkits. Avoid opening suspicious emails, especially if the sender is unfamiliar. If you are unsure if a link is trustworthy, do not click on it.
4. Download Files From Trusted Sources Only
Be careful when opening attachments and avoid opening attachments from people you don’t know to prevent all kinds of malware, including rootkits, from being installed. Download software and apps from reputable sites only. Do not ignore your web browser's warnings about an unsafe website.
5. Be Aware Of Your Computer’s Performance Or Behavior
Behavioral issues could indicate that a rootkit is in operation. Stay alert to any unexpected issues with performance and try to find out why these are happening.
Cryptographer and computer programmer Thomas Pornin notes that a rootkit needs to maintain an entry path for the attacker, which creates an opportunity for detection. In a post on Information Security Stack Exchange, Pornin recommended that IT personnel reboot the computer from a live CD or USB key and then inspect the hard disk. “If the same files do not look identical, when inspected from the outside (the OS booted on a live CD) and from the inside, then this is a rather definite sign of foul play,” he wrote.
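The inside-versus-outside comparison can be scripted. The following is an added example written for this page; it is not code from the article or from Pornin's post. It assumes a POSIX shell with GNU `sha256sum`, `find` and `awk`, that a manifest of critical directories was captured from the running system (the "inside" view) and another from a live CD with the suspect disk mounted (the "outside" view), and the sample trees the `demo` function builds are constructed data, not a real capture.

```shell
#!/bin/sh
# Inside-vs-outside integrity check (added example, not from the original page).
# Assumed workflow:
#   1. On the running, possibly compromised, system capture a manifest:
#        cd / && find bin sbin usr/bin usr/sbin -type f -exec sha256sum {} + > /media/usb/inside.txt
#   2. Boot from live media, mount the suspect disk read-only at /mnt, then:
#        cd /mnt && find bin sbin usr/bin usr/sbin -type f -exec sha256sum {} + > /media/usb/outside.txt
#   3. compare_manifests /media/usb/inside.txt /media/usb/outside.txt
# A file whose hash differs between the two views, or that exists on disk but
# was invisible to the running OS, is the "rather definite sign of foul play".
# Limitation: paths containing whitespace are not handled (sha256sum's two-column output).

# manifest ROOT DIR... : sha256 of every regular file under ROOT/DIR, paths relative to ROOT
manifest() {
    root=$1
    shift
    ( cd "$root" && find "$@" -type f -exec sha256sum {} + ) | sort -k 2
}

# compare_manifests INSIDE OUTSIDE : print one finding per line; return 1 if any
compare_manifests() {
    findings=$(awk '
        FILENAME == ARGV[1] { outside[$2] = $1; next }   # trusted (outside) view, read first
        {
            if (!($2 in outside))
                print "ONLY-INSIDE " $2                 # visible from inside, absent on disk
            else if (outside[$2] != $1)
                print "MISMATCH " $2                    # same path, different content
            delete outside[$2]
        }
        END { for (p in outside) print "HIDDEN " p }    # on disk, unseen from inside
    ' "$2" "$1" | sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# demo : build two constructed sample trees (not a real capture) and compare them.
demo() {
    tmp=$(mktemp -d)
    for view in inside outside; do
        mkdir -p "$tmp/$view/bin" "$tmp/$view/sbin"
        printf 'genuine ls\n'   > "$tmp/$view/bin/ls"
        printf 'genuine ps\n'   > "$tmp/$view/bin/ps"
        printf 'genuine init\n' > "$tmp/$view/sbin/init"
    done
    # A kernel rootkit that serves the original contents of a trojaned binary and
    # hides its own files would leave the inside view clean while the disk shows:
    printf 'trojaned ps\n'     > "$tmp/outside/bin/ps"      # modified on disk
    printf 'loadable module\n' > "$tmp/outside/sbin/.rk.ko" # hidden from the running OS
    manifest "$tmp/inside"  bin sbin > "$tmp/inside.txt"
    manifest "$tmp/outside" bin sbin > "$tmp/outside.txt"
    compare_manifests "$tmp/inside.txt" "$tmp/outside.txt"
    status=$?
    rm -rf "$tmp"
    return $status
}

# Run the demonstration when invoked as:  sh rootkit-check.sh demo
if [ "${1-}" = "demo" ]; then
    demo
fi
```

The comparison only lists files that exist in at least one view, so it cannot vouch for what it never saw; pair it with a baseline taken from a clean install or vendor package checksums, and always mount the suspect disk read-only from the live media so the inspection itself does not alter the evidence.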
Rootkits are one of the most challenging types of malware to track down and remove. Because they are difficult to detect, prevention is often the best defense. To ensure continual protection, your IT department should ensure it is ready to deal with the latest threats.