
Is the Latest Malware Regin, Government’s Baby?

Posted November 25, 2014

It’s déjà vu. In 2010, malicious software called Stuxnet introduced the world to a cyber-weapon that could affect major industries of nations. Now, almost four years later, another stealth malware, Regin, has surfaced; although it was discovered only 24 hours ago, it is thought to have been used for spying since 2006. Regin is an extremely well-developed piece of malware, with some citing it as the most sophisticated malware seen yet, and it is thought to be used for stealing sensitive data from selected industries in certain countries. What is the similarity between Stuxnet and Regin, you ask? The company that found it says that the multi-stage architecture is reminiscent of Stuxnet. While Stuxnet was supposedly designed to target Iran’s nuclear equipment with the purpose of damaging it, Regin seems to have been built for stealing data. So instead of damage, cyber-espionage seems to be Regin’s purpose. Still dangerous, we agree.

Regin: Who Art Thou?

On Sunday, Symantec, a computer security company, reported that it had uncovered an advanced piece of malware that might have been in use for more than eight years. This malware goes by the name Regin. It is being considered the most sophisticated piece of malicious software ever seen, and it was probably created by a government.

The sophistication of the software indicates that Regin is not just another piece of malware but a cyber-espionage tool created by a nation-state. It took months, if not years, to create, which in itself gives an idea of the effort and expertise required. It is almost invisible, as its creators went to great lengths to hide its digital footprint. The malware is built to be suitable for long-term mass surveillance lasting several years.

The reported infection method involves the use of fake websites or Yahoo Instant Messenger.

Is This Malware Target Specific?

Government organizations, businesses, and private individuals have all been affected. Regin is thought to be target-specific, both geographically and by industry. It is also said that the malware has been tailored to its targets.

Geographically, surprisingly (or maybe not so surprisingly), more than half of the infections are found in Russia, Saudi Arabia, and Ireland. While these countries have been hit the hardest, Mexico and India have also been subjected to Regin’s attention.

Industry-wise, Regin’s main targets are the energy sector, telecom companies, and internet service providers. It is suspected that the malware has been eavesdropping on calls and communications passing through these companies. Its targets also include the airline, hospitality, and research sectors.

The affected machines are reported to be mainly Windows computers.

Effects of Regin?

According to the studies, a large number of networked computers are infected by Regin. Once installed on a computer, Regin allows remote cybercriminals to control it. They can spy on the victim, hijack the mouse’s click function, steal passwords and data, take screenshots of sensitive data, and recover deleted files. The malware can be manipulated in many ways, giving the attacker wide latitude in the kinds of attacks that become possible. Other ways the attacker can take advantage of this malware include monitoring network traffic and analyzing email from Exchange databases.

Because Regin is so complex, researchers expect to find additional functionality and further versions of it.

According to reports, Regin uses several stealth features to avoid detection. This makes it tougher to find than ordinary malware and requires expert help. Even once found, it is hard to figure out Regin’s purpose.

Symantec has published a list of indicators that show whether you are infected with this malware. They include file names, names of executables, registry entries, and similar artifacts, and they can be used to detect an infection.

Traffic analysis is recommended for detecting the malware’s activity on a victim’s system. Enterprises should at least use a malware monitoring and scanning service to ensure that they are not inadvertently spreading malware like Regin. Seek professional help to avoid becoming a distribution point for malware like Regin.


Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.
