Nov 24 2014

Regin Malware: What Does It Mean For You?

Malware is called many things. IT professionals ought to be alarmed when a sample is described as groundbreaking or peerless, as is the case with a threat recently revealed by Symantec, dubbed Regin.

The key phrase there is "recently revealed": Symantec's report notes that the malware may have been in the wild for six years or more. Given how the threat has been assessed, and how little is currently known about it, that it went undetected for six years is pretty frightening.

From the little that is known about it so far, the belief is that this malware is very sophisticated. It has been deemed a cyber-espionage tool, most likely funded by a government rather than the work of an independent hacker. What may fuel further speculation about who developed it, and why, is that when Symantec listed the countries where Regin has been discovered, Russia and Saudi Arabia were on the list. The United States was not.

And what is Regin looking for? While the malware most users are familiar with tends to go after login credentials or financial data, Regin seeks neither.

“They were trying to gain intelligence, not intellectual property,” said Symantec analyst Vikram Thakur.

To get an idea of what prior malware Regin resembles, look no further than the Stuxnet worm. Curiously enough, that worm was also believed to have been developed by the US government and used in part to target Iran, a country that also appears on the Regin list.

What does this mean for most IT professionals, and the users they support? At this time, it would appear to mean very little. That Regin existed for so long without being detected is troubling, but whoever is operating it apparently has had no domestic use for it, thus far. Still, as with every other threat, it is worth monitoring: it would not be a surprise to learn that someone else has copied Regin with more damaging goals in mind, or that its operators have changed their MO and it now seeks out domestic targets and more than just intelligence.