Regin Malware: What it Means and How It Affects You

7 Jan

Earlier this week, Symantec researchers released a report concerning a newly discovered piece of malware that has been in use since at least 2008. Normally, reports like this don’t make front-page news. But this is no ordinary piece of malware.

Regin Malware

With only around 100 infections seen globally so far, Regin (pronounced “region”) was built for one purpose: international, systematic spying. The sophistication and technical competence required to create this tier of malware, combined with the geographic location of infected targets (largely Russia and Saudi Arabia), indicates that a Western government is likely responsible.

Regin is capable of executing numerous malicious payloads: capturing screenshots, recording keystrokes, silent monitoring of web traffic, stealing passwords, and recovering deleted files to name a few.

According to Kaspersky Lab, a “mind-blowing” attack was uncovered against an unnamed country in the Middle East. All victims in this country communicated with one another, forming a net of cyber espionage that included the president’s office, a research center, an educational institution and a bank.

What does all this mean?

From a timeline perspective, what we’re seeing is another milestone for cyber warfare. Malware has never been used in this way before. It represents the result of a steadily increasing level of interest by nation-states in the capabilities of cyber attacks. OST Security believes this trend will continue: attacks will grow in frequency and complexity, with an increasing number of functions.

Most users do not need to worry about being infected with Regin right now. Targets seem to be limited and selected with specific intent. Regardless, most security vendors will be adding Regin to their databases of detected malware – so keeping your antivirus up to date and adhering to generally good security practices (applying updates, staying away from dangerous sites, etc.) should go a long way.


Jeff Serini

Jeffery Serini, IT Security Consultant at OST

Jeffery Serini’s IT security obsession dates back to his teenage years, when he began pen-testing on his home computer. Serini is presently an IT Security Consultant at OST. After joining the Security Team in 2011 under W. Scott Montgomery, he has performed over 250 Security Assessments and consulted with a wide variety of clients, including those in the financial, manufacturing, healthcare and gaming sectors, among others. Leveraging a unique approach, the OST Security Team is capable of providing a practical and relevant assessment designed to help administrators and executives alike understand their InfoSec posture.
