January 7, 2015
Earlier this week, Symantec researchers released a report concerning a newly discovered piece of malware that has been in use since at least 2008. Normally, reports like this don’t make front-page news. But this is no ordinary piece of malware.
With only around 100 infections seen globally so far, Regin (pronounced “region”) was built for one purpose: international, systematic spying. The sophistication and technical competence required to create this tier of malware, combined with the geographic location of infected targets (largely Russia and Saudi Arabia), indicate that a Western government is likely responsible.
Regin is capable of executing numerous malicious payloads: capturing screenshots, recording keystrokes, silently monitoring web traffic, stealing passwords, and recovering deleted files, to name a few.
According to Kaspersky Lab, a “mind-blowing” attack was uncovered against an unnamed country in the Middle East. All victims in this country communicated with one another, forming a net of cyber espionage that included the president’s office, a research center, an educational institution, and a bank.
What does all this mean?
From a timeline perspective, what we’re seeing is another milestone for cyber warfare. Malware has never been used in this way before. It is the product of a steadily increasing interest by nation-states in the capabilities of cyber attacks. OST Security believes this trend will continue: attacks will grow in frequency and complexity, and will carry an increasing number of functions.
Most users do not need to worry about being infected with Regin right now. Targets seem to be limited and selected with specific intent. Regardless, most security vendors will be adding Regin to their databases of detected malware – so keeping your antivirus up to date and adhering to generally good security practices (applying updates, staying away from dangerous sites, etc.) should go a long way.