Arraya Insights | December 2, 2014
It’s been called “groundbreaking” and “almost peerless,” and it’s been lurking in the wilds of the cyber landscape undetected since at least 2008. It’s a piece of malware known as “Regin,” and it has thoroughly impressed – and baffled – hardened security experts since its recent discovery.
The malware, which was first made public by Security firm Symantec, has been secretly collecting data and monitoring the activities of individuals and organizations around the world. Russia, Saudi Arabia, and Mexico are some of the countries most frequently targeted by the program.
Among Regin’s many capabilities are: taking screenshots of an infected machine, assuming control of a mouse’s point and click functions, capturing passwords, gaining access to deleted files and keeping watch on network traffic.
Regin can be customized to more effectively monitor a particular target. It’s also very adept at hiding itself, using highly-advanced stealth techniques to go about its work unnoticed. Regin has a multi-staged, modular structure which makes studying it very difficult. This is because all of the components must be visible in order for them to be completely understood. That modular structure was also found in Flamer and Weevil, two other sophisticated malware families.
There’s a lot about Regin that is still unclear, such as: what has it gotten its hands on so far and what kind of risk does it present? However the experts do have a few guesses on one question: who made it? The sheer technical complexity of Regin seems to put the blame beyond even the most talented shadowy hacker group. Instead, experts are under the impression that it must be some kind of government-created cyberespionage tool. Theories abound about the government – or governments – behind the malware, but no smoking gun has been tied to the malware quite yet.
So what does all this mean for your company?
Well, it’s highly unlikely you’re going to find yourself or your system being monitored by a super-advanced cyberespionage tool created by a government agency. However, the idea that something like Regin could go about its business totally unnoticed for possibly as long as six years should raise some questions of its own. For example: “What kind of malware is skulking about in my system?” and maybe even more importantly, “What openings or vulnerabilities exist in my digital architecture that could let someone with bad intentions in?”
These are the sorts of issues that a free security architecture consultation from Arraya can help suss out. If you haven’t already, be sure to reach out to your Arraya Solutions Account Executive or click here to set-up your consultation today.