    Regin Cyber-Spy Malware Targeted High-Priority Intelligence Quarry

    Written by Wayne Rash
    Published November 26, 2014

      Finding the Regin malware on your network is sort of like getting an unexpected visit from the U.S. Navy’s Seal Team Six. You know somebody very powerful is thinking about you and you wish that you had somehow passed up the honor of its visit.

      Like those heavily-armed Navy special operations teams, Regin and its successors don’t go out on their own. They are deliberately sent. “Regin is the cyber equivalent of a specialist covert reconnaissance team,” said Pedro Bustamante, director of special projects at Malwarebytes in an email to eWEEK.

      Regin also has some unusual capabilities, not unlike those of covert special operations military units. “The analysis shows it to be highly adaptable, changing its method of attack depending on the target. It also has some very advanced evasion techniques that make it suitable for spending long periods carrying out undercover surveillance.”

      Bustamante said that the Regin malware is delivered through common exploits, including email and online chat sessions. “The result is that targets would typically have no knowledge of infection, allowing Regin to quietly decrypt its various payloads unseen before moving stealthily through networks in the background.”

      As bad as that sounds, it’s really the good news. Unlike malware created by cybercrime operators, Regin does not spread on its own and, significantly, it can cease operations and disappear whenever its controllers tell it to.

      It’s also different from Stuxnet, which replicated itself in its search for computers that were controlling Iraqi uranium centrifuges, but erased itself when it found that it was in the wrong environment.

      Unless you were running a uranium enrichment plant, Stuxnet created problems only because of the network resources it consumed while trying to replicate itself. Eventually it gave up and died out.

      Regin, on the other hand, does no such thing. “This remains an extremely targeted campaign,” said Costin Raiu, director of the global research and analysis team at Kaspersky Lab in Bucharest. “In total, we counted only 27 different victims, although it should be pointed out that the definition of a victim here refers to a full entity, including their entire network,” Raiu said.

      The 27 target networks were in 14 countries, including Afghanistan, Germany, Indonesia, Iran, Pakistan, Russia and Syria, according to Kaspersky.

      “The number of unique PCs infected with Regin is of course much, much higher. Regin is highly controlled and cannot escape because it doesn’t have automatic self-replication code inside. The only time samples appear on multi-scanner services is when victims notice it and upload it for confirmation,” Raiu explained.

      Raiu noted that the original version of Regin was withdrawn in 2011 and didn’t reappear until a new version surfaced in 2013.

      The difference between the versions was primarily that the first was aimed at 32-bit Windows computers, and the second at 64-bit Windows machines, reflecting the current move in the market to 64-bit platforms.

      The obvious next question is who (or what) would go to the trouble and expense required to create Regin, but target only 27 victims? Raiu declined to speculate. However, Adam Kujawa, head of malware intelligence at Malwarebytes, said in an email that it would take a national intelligence agency to actually pull this off.

      “It is highly possible that Regin was developed, at least in part, by a nation-state since the resources required for not only the creation of such an intricate and complex tool would be immense, but also the actual control of such a tool would require powerful systems and many man hours of sifting through data to derive meaningful intelligence,” Kujawa said.

      “The operation of this tool requires a huge effort in line with manual manipulation of how the tool works on an infected network, but also how it communicates with the command and control,” Kujawa noted. “Since Regin has a dual communication channel, meaning that the malware can talk to the attacker and the attacker can talk to the malware, it is likely not completely automated and needs constant instructions,” he explained.

      “All of these factors combined do not make up the signature for a single or couple of hackers. Nor does it fit the M.O. for a cyber-crime organization. This is a constant surveillance operation most likely executed by a government with substantial resources and the know-how to make it happen,” Kujawa asserted.

      In other words, Regin is less like a cruise missile and more like a drone. It can operate for long periods of time on its own, but ultimately someone needs to be at the controls. In addition, someone needs to be on hand to evaluate the fruits of the intelligence gathering, and to make changes if necessary.

      What’s important to nearly everyone is that the chances of the Regin malware in its current state attacking your computers or network are basically non-existent—unless, of course, you are of particular interest to the national intelligence agency controlling it.

      In that case, it’s still possible to prevent infection by strictly following safe practices such as never using critical systems for things like email and chats. But that only works if computers that are doing email and chats are kept off the network.

      In addition, now that anti-malware products know what to look for with Regin, they’re more likely to find something, but of course that’s only true if the creators of this attack don’t stay a step ahead. Unfortunately, so far they have.
