Security expert: Regin is scary and companies should be on alert

Cybersecurity companies are outlining additional details about the sophisticated Regin spyware malware, but no one has a complete picture just yet.

Cyberattacks aren't just for breaching companies and stealing customer payment data, as cyberespionage remains a significant threat to governments and critical infrastructure. The latest high-profile discovery of malware announced in recent weeks was Regin, a nasty piece of malware designed for a rather complex and sinister purpose.

Computer security specialist Symantec publicly disclosed details about Regin, a highly-sophisticated malware designed to spy on compromised networks. Specifically, Regin can compromise usernames and passwords, take screenshots, retrieve and copy deleted files, and go as far as hijacking a PC's mouse and keyboard.

The malware was most likely used to target governments, telecom operators, research organizations, financial institutions, political groups and mathematical and cryptography researchers.

Symantec, which was the first company to disclose details about Regin, described it as "groundbreaking" and "almost peerless" in the way it operates.

Regin was built so professionally that its creators likely spent many months on it before they could deploy it reliably against select targets. Computers infected by Regin have been observed since at least 2008, but cybersecurity companies were unable to piece together its level of sophistication until much later.

Determining which nation is behind Regin is proving difficult, but it's likely the United States and British governments played a role in its development. It's also possible that Israel was a junior partner in its development, as was the case with Stuxnet, which was discovered in 2010 targeting Iranian computer networks.

No security companies have a complete picture of how Regin is coded and what its full capabilities are, but they are continually learning more about the threat. It will take additional time before cybersecurity firms are able to pull it apart and learn more.

"Because of the substantial scope of the platform that Regin represents it took a substantially longer period of time to quantify and classify," said Andrew Shea, Vice President of security solutions company Conventus, in a recent conversation with TweakTown. In order to execute the necessary forensic and analytical activity effectively, the study of Regin needed to occur in an extended stealth mode.

The Regin malware hit a variety of targets in the following nations: Afghanistan, Algeria, Belgium, Brazil, Fiji, Germany, India, Iran, Ireland, Mexico, Indonesia, Kiribati, Malaysia, Syria, Russia and Pakistan, cybersecurity experts reported. Most of the targeted machines appear to have been in Russia and Saudi Arabia.

Coincidentally, Regin spared the United States, UK, Australia, Canada and New Zealand; all five are English speaking countries and political allies.

There is great benefit for Regin's operators in breaching critical infrastructure, giving the operators valuable insight into technology development, ways to modernize their own systems, and to find weaknesses in foreign systems.

"Regin is frightening in its breadth, sophistication and maturity. As we noted earlier, Regin is an intelligence collection platform. It combines the sophistication of all that entails with the modularity/multi-stage planning that demonstrates strategic thinking and actuation. This maturity of thought process is more sophisticated than the countermeasure strategies meant to detect such a threat. That is the truly frightening part."

Regin was designed to serve as a code toolkit that can be modified to suit the needs of the organizations running it. It can also cloak itself to look like Microsoft software, making it even easier to circumvent next-generation security software.

Designers were careful to verify Regin would be able to conceal itself and avoid detection while collecting data on compromised computers. It could have victimized computers and networks for years before security teams were alerted to its presence, if ever.
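The two preceding paragraphs describe Regin masquerading as Microsoft software and hiding on compromised machines. One check a defender can run against that class of behaviour is to look for loaded binaries whose file metadata claims Microsoft as the publisher but which do not carry a valid Microsoft Authenticode signature. The script below is an added example written for this page; it is not code from the article, Symantec, or Conventus, and it contains no Regin-specific indicators. It assumes a Windows host with PowerShell 5.1 or later and read access to the process image files; the function name `Get-SuspiciousMicrosoftLookalikes` is made up for the example.

```powershell
# Added example (not from the article or any vendor): flag binaries that present
# themselves as Microsoft software but lack a valid Microsoft Authenticode signature.
# Assumes Windows, PowerShell 5.1+, and read access to the files being inspected.

function Get-SuspiciousMicrosoftLookalikes {
    [CmdletBinding()]
    param(
        # Files to inspect; defaults to the image paths of running processes.
        [string[]]$Path = (Get-Process -ErrorAction SilentlyContinue |
                           Where-Object { $_.Path } |
                           Select-Object -ExpandProperty Path -Unique)
    )

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }

        # Does the file's version resource claim to be Microsoft's?
        $version = (Get-Item -LiteralPath $p).VersionInfo
        $claimsMicrosoft = ($version.CompanyName -like '*Microsoft*') -or
                           ($version.FileDescription -like '*Microsoft*')
        if (-not $claimsMicrosoft) { continue }

        # Check the signature (embedded or catalog-based) and who actually signed it.
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signerIsMicrosoft = $false
        if ($sig.SignerCertificate) {
            $signerIsMicrosoft = $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
        }

        # Metadata says Microsoft, but the file is unsigned, tampered with, or
        # signed by someone else: worth a closer look by the analyst.
        if ($sig.Status -ne 'Valid' -or -not $signerIsMicrosoft) {
            [pscustomobject]@{
                Path            = $p
                CompanyName     = $version.CompanyName
                SignatureStatus = $sig.Status
                Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
                Reason          = if ($sig.Status -ne 'Valid') { "signature status $($sig.Status)" }
                                  else { 'valid signature, but not from Microsoft' }
            }
        }
    }
}

# Usage: inspect every running process image plus the DLLs loaded into it.
# Reading .Modules fails for protected or cross-architecture processes, so it is wrapped.
$images = Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
    $_.Path
    try { $_.Modules | ForEach-Object { $_.FileName } } catch { }
} | Where-Object { $_ } | Sort-Object -Unique

Get-SuspiciousMicrosoftLookalikes -Path $images | Format-Table -AutoSize
```

Two caveats for anyone using this as a starting point: a valid Microsoft signature is necessary but not sufficient, since a sophisticated actor may sign with a stolen or abused certificate, so the output is a triage list rather than a verdict; and on systems where `Get-AuthenticodeSignature` cannot resolve catalog signatures, legitimate catalog-signed Windows files will show up as `NotSigned` and need to be filtered out by comparing against a known-good baseline.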

End users don't need to be overly concerned about Regin, as it isn't malware designed to snoop on them, and for a home user it is essentially impossible to detect or prevent.

"Home users don't need to be overly concerned about this threat as their ability to identify an attack by it is very close to zero. However, it is even more important to take note - and respond accordingly - to any communications from their ISP indicating they have been compromised."

Cyberattacks continue to gain significant media attention, mainly because of large data breaches suffered by US retailers, and that attention is helping educate Internet users about potential threats. However, there is always more work to be done: companies need to keep finding new methods to secure their networks, while consumers need to be more vigilant about cyberattacks.

"This past weekend 60 Minutes aired a piece on cybersecurity and one of the statistics was that 97 percent of today's organizations have been breached. When you take that fact and couple it with the reality that the Regin platform is well architected and precisely delivered intelligence platform, it exponentially increases the necessity whether for individuals or corporations to identify and lock down valuable assets with great haste."

"For corporations, it amplifies that absolute necessity for having resources focused on external threat analysis so that any IOCs that platforms like Regin do have can be identified."

This type of cleverly coded malware isn't new, but it is evolving as more nations try to spy on political rivals and steal information from foreign companies. It's important for companies to encrypt sensitive data and communications so that only authorized workers have access to them. Regin could well have spread through social engineering, so teaching employees to recognize and avoid phishing tactics, a rather tough order to fill, could prevent some targets from being breached.

As for end users, Regin isn't something that will be mimicked and duplicated by cybercriminals, as there are easier, more lucrative ways to launch malware attacks to compromise point-of-sale (POS) machines, PCs, laptops, and mobile products.

An experienced tech journalist and marketing specialist, Michael joins TweakTown to cover everything from cars & electric vehicles to solar and green energy topics. A former Staff Writer at DailyTech, Michael is now the Cars & Electric Vehicles News Reporter and will contribute news stories on a daily basis. In addition to contributing here, Michael also runs his own tech blog, AlamedaTech.com, while he looks to remain busy in the tech world.
