Why REGIN Isn't The New STUXNET

This family of malware has been compared to Stuxnet; however, this is a poor  comparison since Regin does not spread the way Stuxnet did. In fact, the purposes of each malware are quite different.

Stuxnet was designed for sabotage, whereas Regin was likely designed for espionage and as a result was deployed with a great deal more of precision. If anything, the purpose and behavior of the malware is similar to Flame, another malware family, specifically designed for espionage purposes.

There is still very little known about the initial attack vector used to deploy Regin.  It appears to have been dropped using a variety of methods, including social engineering, an exploit in Yahoo Messenger and a link to a fake LinkedIn page that functioned as a watering hole.

Although Regin was designed to be stealthy, the various phases of the malware deployment can still be detected. The Regin malware actually makes a lot of ‘noise’ given the number of changes it makes on a host system if you have the right tools in place to monitor these changes on host systems.

Many of the methods used by Regin are not necessarily new and from conversations with developers are actually more like general best practices for developing Windows drivers.
The sophistication of the malware isn’t necessarily in the technical implementation, but in what appears to be a mature software development lifecycle. The malware has evolved and adapted, using best practices for development, borrowing techniques from other successful malware and has clearly been tested thoroughly to ensure it avoids detection by most antivirus tools.

It is important to realize that malware is now rarely created through ad hoc development, but is a business in itself. Many of the tools, techniques and strategies commercial software vendors use are also in use by malware developers.

Since the details of the malware are now available to the general public, there is a high likelihood that similar malware may be created by criminal groups or other state actors.  

tripwire

 

« MH370: new drift improves search in Australia
A Major Cyberattack will happen in next Decade! »

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 4,000+ specialist service providers.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Go Cyber

Go Cyber

Go Cyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ARM

ARM

ARM provides a range of IP and software technologies to enable secure solutions using ARM Cortex processors. Applications include IoT devices.

SecurityMetrics

SecurityMetrics

SecurityMetrics is leader in data security, PCI, and HIPAA compliance solutions

CyberSmart

CyberSmart

CyberSmart is a platform that allows you to maintain compliance, achieve certification and secure your organisation.

Cyber Security Platform (CSP Austria)

Cyber Security Platform (CSP Austria)

The Cyber Security Platform is Austria's central platform for cooperation between the private and public sectors in matters of cyber security and the protection of critical infrastructures.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

Innovent Recycling

Innovent Recycling

Innovent Recycling provides a secure IT recycling & data destruction service to all types of organizations across the UK.