Why REGIN Isn't The New STUXNET

This family of malware has been compared to Stuxnet; however, this is a poor  comparison since Regin does not spread the way Stuxnet did. In fact, the purposes of each malware are quite different.

Stuxnet was designed for sabotage, whereas Regin was likely designed for espionage and as a result was deployed with a great deal more of precision. If anything, the purpose and behavior of the malware is similar to Flame, another malware family, specifically designed for espionage purposes.

There is still very little known about the initial attack vector used to deploy Regin.  It appears to have been dropped using a variety of methods, including social engineering, an exploit in Yahoo Messenger and a link to a fake LinkedIn page that functioned as a watering hole.

Although Regin was designed to be stealthy, the various phases of the malware deployment can still be detected. The Regin malware actually makes a lot of ‘noise’ given the number of changes it makes on a host system if you have the right tools in place to monitor these changes on host systems.

Many of the methods used by Regin are not necessarily new and from conversations with developers are actually more like general best practices for developing Windows drivers.
The sophistication of the malware isn’t necessarily in the technical implementation, but in what appears to be a mature software development lifecycle. The malware has evolved and adapted, using best practices for development, borrowing techniques from other successful malware and has clearly been tested thoroughly to ensure it avoids detection by most antivirus tools.

It is important to realize that malware is now rarely created through ad hoc development, but is a business in itself. Many of the tools, techniques and strategies commercial software vendors use are also in use by malware developers.

Since the details of the malware are now available to the general public, there is a high likelihood that similar malware may be created by criminal groups or other state actors.  

tripwire

 

« MH370: new drift improves search in Australia
A Major Cyberattack will happen in next Decade! »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Montash

Montash

Montash is an award winning, global technology recruitment business, specialising in the acquisitions of high-performing talent across a number of core disciplines including Information Security.

Kramer Levin

Kramer Levin

Kramer Levin is a full-service law firm with offices in New York and Paris. Practice areas include Cybersecurity, Privacy and Data Protection.

Computer Forensic Specialists

Computer Forensic Specialists

Computer Forensic Specialists are leading forensic consultants and have been providing litigation support for electronic evidence since 1996.

Cosan

Cosan

Cosan is a cybersec solutions & services provider that assists organisations to identify vulnerabilities, protect sensitive data and remain compliant.

Arthur J Gallagher & Co

Arthur J Gallagher & Co

Arthur J. Gallagher & Co. is a global insurance brokerage and risk management services firm. Services include Cyber Liability insurance.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

Mosaic 451

Mosaic 451

Mosaic451 is a bespoke IT managed services provider and consultancy specializing in information security, operations and design.

Highland Capital Partners

Highland Capital Partners

Highland Capital Partners is an early stage venture capital firm focused on category-defining businesses in consumer and enterprise technology, including cybersecurity.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

Blaick Technologies

Blaick Technologies

Blaick is an Israeli cyber-security company which deploys proprietary Artificial Intelligence threats detection technology for early prevention of online cyber crime.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

1Password

1Password

1Password combines industry-leading security with award-winning design to bring private, secure, and user-friendly password management to everyone.