Mitigating Advanced Attacks. Types of Rootkits. Management Essay


Mitigating Advanced Attacks
Introduction
Today, information security faces various forms of malware. Many organizations are concerned about the increasing variety of security-related threats. Countering some of these threats is challenging because today's attackers are sophisticated and continue to evolve. Many organizations require more resources to install strong countermeasures against these threats, which makes controlling, monitoring and prevention costly. In particular, rootkits are among the most threatening malware used by attackers to subvert system software with the aim of gaining unauthorized access to important information and files. Thus, this paper offers insight into rootkits and their threats, with relevance to their impact at XYZ Corporation.
Rootkits are covert programs that unauthorized parties maliciously deploy to sabotage computers' operating systems to the detriment of their legitimate operators. Essentially, rootkit programs are designed to grant attackers furtive access to and control over an operating system without the knowledge of the owner. In particular, the operator of a rootkit gains the ability to access, launch and hide ordinary files and log files, edit configurations, and remotely spy on the legitimate owner's use of the computer. Rootkits are difficult to detect and remove, although detection can be conducted through approaches such as memory dumps, signature scanning and behavior-based methods.
Types of Rootkits
Rootkits exist in various forms, namely user-mode rootkits, kernel-mode rootkits, and Master Boot Record (MBR) rootkits. User-mode rootkits are a category of rootkits that run with administrative privileges (Bencsáth, Pék, Buttyán, & Félegyházi, 2012). The ability to run in user mode allows user-mode rootkits to hide and to provide remote access to the attackers, which helps them maintain control over the targeted systems. Attackers can change the configuration and the security of the trusted computing base, as well as display compromised and false information to legitimate users. In addition, user-mode rootkits enable threat actors to meddle with system calls and with the output of application programming interfaces (APIs) (Bencsáth, Pék, Buttyán, & Félegyházi, 2012). For example, filtering the APIs allows attackers to hide files, network ports, processes and registry keys, as well as system drivers and services, with the aid of full administrative privileges.
Kernel-mode rootkits are rootkits that run in kernel space. The kernel space sits between the underlying hardware and the user application space. Attackers target the kernel space because it is the most robust and reliable level for system hooking, as it is at the lowest level (Krombholz, Hobel, Huber, & Weippl, 2015). The kernel space is normally off-limits to both unauthorized users and standard authorized users. Unlike user-mode rootkits, which only permit attackers to alter single applications, kernel-mode rootkits allow attackers to modify the entire set of files supporting the application (Krombholz, Hobel, Huber, &...