Regin Cyber-Spy Malware Targeted High-Priority Intelligence Quarry
NEWS ANALYSIS: It's not likely that your network will get hit by the Regin malware by accident. But if you discover it on your network, it means that somebody big and powerful is after you.

Finding the Regin malware on your network is sort of like getting an unexpected visit from the U.S. Navy's SEAL Team Six. You know somebody very powerful is thinking about you, and you wish that you had somehow passed up the honor of its visit. Like those heavily armed Navy special operations teams, Regin and its successors don't go out on their own. They are deliberately sent.

"Regin is the cyber equivalent of a specialist covert reconnaissance team," said Pedro Bustamante, director of special projects at Malwarebytes, in an email to eWEEK. Regin also has some unusual capabilities, not unlike those covert special operations military units. "The analysis shows it to be highly adaptable, changing its method of attack depending on the target. It also has some very advanced evasion techniques that make it suitable for spending long periods carrying out undercover surveillance."

Bustamante said that the Regin malware is delivered through common exploits, including email and online chat sessions. "The result is that targets would typically have no knowledge of infection, allowing Regin to quietly decrypt its various payloads unseen before moving stealthily through networks in the background."
As bad as that sounds, it's really the good news. Unlike malware created by cybercrime operators, Regin does not spread on its own and, significantly, it can cease operations and disappear whenever its controllers tell it to.