Regin, the latest malware threat, is also one of the more mysterious ones. When Symantec unveiled details of the new cyber espionage campaign last weekend, its researchers described it as a highly sophisticated threat with an unprecedented level of technical competence.
Security experts outside of Symantec, however, take issue with the assertion that Regin is an advanced malware attack. “Although Regin may have gone undetected in some environments, the malware is not particularly stealthy,” said Ken Westin, security analyst with Tripwire. “It makes a number of file changes and registry key changes, so signature based antivirus products may be circumvented, but any organization monitoring for configuration changes in hosts would identify these changes.”
“This is no more and no less a threat than prior malware because it infects systems the same way, via browser exploit activated by clicking emailed links or visiting compromised websites,” agrees Kevin Epstein, VP of information security and governance for Proofpoint.
Here’s the mystery: There isn’t any indication Regin is active in the United States. According to Symantec researchers, Regin was detected in 10 countries: Russia, Saudi Arabia, Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan.
Why no U.S. targets? Some will likely suggest that Regis was crafted by U.S. interests for use gathering intelligence on terrorists or foreign nations. Tripwire’s Westin suggests the U.S. government and corporations simply have better defenses in place, and U.S. targets are more capable of detecting the threat and defending the attack vectors targeted by Regin.
Now that Regin has been discovered, though, all bets are off. The malware can now be reverse-engineered and spread into the U.S. and beyond.
For individuals, the biggest threat is that the techniques can be used or adapted by run-of-the-mill malware developers for attacks against average users. Chris Messer, VP of technology for Coretelligent, says “As with any new malware discovery, this merely reinforces the need for individuals and businesses to maintain a strong security posture with their mobile devices and computers to protect against new threats such as Regin.”
Specifically, Messer stresses the need to follow these five best practices to minimize exposure to malware attacks.
Ensure you’re running the current supported version of any major operating system or software product.Verify that your security/antivirus software is up-to-date and running a regular daily or weekly full scan of your system.Keep your Web browsers (Internet Explorer, Chrome, Firefox, Safari) updated to avoid any potential security vulnerabilities.Watch for suspicious pop-ups on your system, and never click on any advertisements or browser pop-up windows that are generated from suspicious websites.Check the installed software on your computer on a regular basis, and question/investigate any items that appear to be out of place.
These tips won’t protect you against every possible threat, but they will minimize your exposure to Regin and its ilk.