Regin changes the face of cyber security

A new and more powerful form of government-sponsored malware needs our attention. Businesses may need to increase their investments in cyber defence.

In November, the security experts at Symantec and Kaspersky revealed the existence of Regin to the world. Regin is malware designed for persistent, long-term mass surveillance of specific targets. And it appears that a government runs it.

Kaspersky’s president declared that Regin is a new type of threat. It is cheaper and easier to deploy than previous government malware. It is also “a leap forward” in complexity and effectiveness.

Anyone with an interest in attacking a company’s data system, or stealing secrets from an individual business leader, could be inspired to follow the Regin example. Even those not targeted by Regin should therefore take heed of the innovative malware design. Sony’s recent plight is a testament to just how damaging a hack can be.

All of this means that companies could benefit from spending more on their cyber defence – or even from taking some secrets completely offline.

State-sponsored malware

According to Symantec, Regin’s scale indicates that one or more states are responsible for developing and operating it. And the malware’s activities give us a hint of which governments are behind it – though no one will admit to it.

Regin has not attacked any user in the US or the UK. This has led security experts to speculate that the malware originates from one or both of these countries. Another hint in this direction is the English-language jargon in the code. The security company F-Secure has ruled out China, another usual suspect, as the perpetrator.

Der Spiegel is even open about calling Regin a tool of the NSA and the GCHQ.

The list of victims further supports the theory of an Anglo-American plot. About half of Regin’s victims are from Russia (28%) and Saudi Arabia (24%). The malware has also attacked users in Belgium, Brazil, Iran, Germany, Mexico, Pakistan and Syria – to name a few places. Victims in Western Europe are few and far between.

Companies in the US and the UK should not, however, feel too safe just because Regin is not aimed at them. Others can easily replicate the malware’s basic design approach – and probably will.

A malware platform

Unlike other government malware, Regin is not just a program. It is a platform that can be tailored to meet specific needs in various situations. This is a new way of creating malware and mirrors broader trends in software design.

Just as we update apps on our smartphones without re-installing the entire software, the Regin malware is evolutionary. This means that the creators can build it out to meet new requirements or to counter the latest defensive systems. It also lets them write less code and spot errors more easily – in short, run a much more efficient operation.

Since this way of creating malware is both simpler and more potent than older methods, others with an interest in spying are likely to follow suit. New software technology spreads rapidly and gives a whole range of actors enhanced weapons to use against individuals and companies. The challenge now lies with the providers of defensive software to shield businesses against this new threat.

If the defenders are able to counter the new malware trends, companies may still be able to avoid the worst forms of hacking and surveillance. If not, more may face a situation similar to the one faced by Sony. Hackers thought to be affiliated with the North Korean government have not only damaged the firm, but also caused it a PR mess.

With these developments in mind, companies would be wise to consider devoting additional resources to cyber security protections.

About Author

Hallvard Barbogen

Hallvard currently works as a communications advisor for companies in the financial and environmental sectors. He has previously worked for the Norwegian Ministry of Foreign Affairs, development NGOs and in local media. He holds an MA with distinction from the Department of War Studies at King's College London and a BA from the University of Oslo.