Why REGIN Isn't The New STUXNET

This family of malware has been compared to Stuxnet; however, this is a poor  comparison since Regin does not spread the way Stuxnet did. In fact, the purposes of each malware are quite different.

Stuxnet was designed for sabotage, whereas Regin was likely designed for espionage and as a result was deployed with a great deal more of precision. If anything, the purpose and behavior of the malware is similar to Flame, another malware family, specifically designed for espionage purposes.

There is still very little known about the initial attack vector used to deploy Regin.  It appears to have been dropped using a variety of methods, including social engineering, an exploit in Yahoo Messenger and a link to a fake LinkedIn page that functioned as a watering hole.

Although Regin was designed to be stealthy, the various phases of the malware deployment can still be detected. The Regin malware actually makes a lot of ‘noise’ given the number of changes it makes on a host system if you have the right tools in place to monitor these changes on host systems.

Many of the methods used by Regin are not necessarily new and from conversations with developers are actually more like general best practices for developing Windows drivers.
The sophistication of the malware isn’t necessarily in the technical implementation, but in what appears to be a mature software development lifecycle. The malware has evolved and adapted, using best practices for development, borrowing techniques from other successful malware and has clearly been tested thoroughly to ensure it avoids detection by most antivirus tools.

It is important to realize that malware is now rarely created through ad hoc development, but is a business in itself. Many of the tools, techniques and strategies commercial software vendors use are also in use by malware developers.

Since the details of the malware are now available to the general public, there is a high likelihood that similar malware may be created by criminal groups or other state actors.  

tripwire

 

« MH370: new drift improves search in Australia
A Major Cyberattack will happen in next Decade! »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Caliber Security Partners

Caliber Security Partners

Caliber Security Partners is a full-service information security company, with a wide range of security services for clients with varying levels of security maturity.

Airbus Cybersecurity

Airbus Cybersecurity

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military and critical national infrastructure enterprises from cyber threats.

NordForsk

NordForsk

NordForsk facilitates and provides funding for Nordic research cooperation and research infrastructure. Project areas include digitalisation and digital security.

TechGuard Security

TechGuard Security

TechGuard Security was founded to address national cyber defense initiatives and US critical infrastructure security.

OcuCloud

OcuCloud

OcuCloud protects businesses' valuable information in the cloud, preventing security breaches caused by employees and remote vendors.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

Africa Cybersecurity and Digital Rights Organisation (ACDRO)

Africa Cybersecurity and Digital Rights Organisation (ACDRO)

ACDRO is a non-governmental Organisation pioneering Digital Rights and promoting cybersecurity awareness within the digital environment in Africa.

Cloud Box Technologies

Cloud Box Technologies

Cloud Box Technologies is one of the premier IT Infrastructure Solution providers in the Middle East.