The Regin malware threat: Real protections against a mysterious danger

Regin's a puzzle, with a long career that has yet to affect the U.S. If that should happen, the classic measures will be your best defense.

Regin, the latest malware threat, is also one of the more mysterious ones. When Symantec unveiled details of the new cyber espionage campaign last weekend, its researchers described it as a highly sophisticated threat with an unprecedented level of technical competence.

Security experts outside of Symantec, however, take issue with the assertion that Regin is an advanced malware attack. "Although Regin may have gone undetected in some environments, the malware is not particularly stealthy," said Ken Westin, security analyst with Tripwire. "It makes a number of file changes and registry key changes, so signature based antivirus products may be circumvented, but any organization monitoring for configuration changes in hosts would identify these changes."
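The host-configuration monitoring Westin describes boils down to a baseline-and-diff check over file contents. The following is an added example, not code from the article or from Tripwire; the directory layout, file names and contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }

def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Classify changes between two snapshots as added, removed or modified."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            name for name in set(baseline) & set(current)
            if baseline[name] != current[name]
        ),
    }

def demo() -> dict:
    """Constructed scenario: baseline a known-good directory, then simulate the
    kind of file changes that configuration monitoring is meant to surface."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"original binary")
        (root / "old.cfg").write_text("setting=1")
        baseline = snapshot(root)  # taken while the host is known-good
        # Simulated later activity: a binary is altered, a new file appears,
        # and a config file disappears. Each is a deviation from the baseline.
        (root / "bin" / "app.exe").write_bytes(b"patched binary")
        (root / "bin" / "dropped.dll").write_bytes(b"new module")
        (root / "old.cfg").unlink()
        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored off-host and the diff is run on a schedule; any non-empty result is the alert, regardless of whether antivirus signatures recognise the new files.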

"This is no more and no less a threat than prior malware because it infects systems the same way, via browser exploit activated by clicking emailed links or visiting compromised websites," agrees Kevin Epstein, VP of information security and governance for Proofpoint.

Here's the mystery: There isn't any indication Regin is active in the United States. According to Symantec researchers, Regin was detected in 10 countries: Russia, Saudi Arabia, Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan.

Why no U.S. targets? Some will likely suggest that Regin was crafted by U.S. interests for use in gathering intelligence on terrorists or foreign nations. Tripwire's Westin suggests the U.S. government and corporations simply have better defenses in place, and U.S. targets are more capable of detecting the threat and defending the attack vectors targeted by Regin.

Now that Regin has been discovered, though, all bets are off. The malware can now be reverse-engineered and spread into the U.S. and beyond.

For individuals, the biggest threat is that the techniques can be used or adapted by run-of-the-mill malware developers for attacks against average users. Chris Messer, VP of technology for Coretelligent, says "As with any new malware discovery, this merely reinforces the need for individuals and businesses to maintain a strong security posture with their mobile devices and computers to protect against new threats such as Regin."

Specifically, Messer stresses the need to follow these five best practices to minimize exposure to malware attacks.

  • Ensure you're running the current supported version of any major operating system or software product.
  • Verify that your security/antivirus software is up-to-date and running a regular daily or weekly full scan of your system.
  • Keep your Web browsers (Internet Explorer, Chrome, Firefox, Safari) updated to avoid any potential security vulnerabilities.
  • Watch for suspicious pop-ups on your system, and never click on any advertisements or browser pop-up windows that are generated from suspicious websites.
  • Check the installed software on your computer on a regular basis, and question/investigate any items that appear to be out of place.

These tips won't protect you against every possible threat, but they will minimize your exposure to Regin and its ilk.

Stories by Tony Bradley