Security fear

Security reality


28 November 2014

Paul Hearns

We are now in a very odd situation where there is a developing history and burgeoning library of state-sponsored malware floating about.

All we need do is look at the likes of Stuxnet, Duqu, Flame and now the very sophisticated Regin.

Having spoken to a number of professionals in the area of late, it looks as if Regin is not from China or Russia, and more than likely originated a lot closer to home. What Regin has in common with most of its predecessors in this line of malware is that it is almost impossible to attribute directly to any one agency or state.

That said, the ‘dropper’, the portion of the malware that actually initiates the infection, was seen as far back as three years ago, and some companies were providing protection against it from then on without ever really knowing what the actual payload was designed to do.

It now seems as if the primary payload is merely a kind of command and control module onto which a multitude of other modules can be grafted and combined in various ways, for instance to monitor and control a mobile phone base station, should it find itself infecting such infrastructure.

The impression that has emerged from security professionals across various research units within the industry is that Regin has selected the best attributes and capabilities of previous pieces of malware and elegantly integrated them into its own operation, all with encryption and obfuscation that allowed its real activities to remain undetected for quite some time. This persistent-access mode of operation reveals something of the motives of its creators.

It is also a widely held belief that Regin signals a step up in sophistication in terms of the range of capabilities and the kinds of activities that could be carried out.

Our recent coverage of the Irish security landscape has shown that, while the buzz around targeted attacks, sophisticated tools and advanced persistent threats has certainly raised awareness, many Irish organisations are still failing on the basics of information security. Combine this with the advice from many practitioners in the area that organisations should not only presume they will be hacked at some point, but should also presume their digital communications are being intercepted, and it should prompt a proper review of how security is planned and implemented in this country.

As Ireland has shown up in joint third place among the countries most affected by the Regin infection network, we are far from a remote outback that need not fret about such things.

TechCentral.ie