Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43445
  • Total Topics: 16537
  • Online today: 3188
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 0
Guests: 3127
Total: 3127









Author Topic: Meet the Regin - Another malware developed by a nation state !?  (Read 2984 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum



Malware that Symantec says was probably developed by a nation state may have been used for as long as eight years, a length of time that underscores the challenges the security industry faces in detecting advanced spying tools.

On Sunday, the computer security company published a 22-page report: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf and blog post on the Regin malware: http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance , which it described as a powerful cyberespionage platform that can be customized depending on what type of data is sought.

It was predominantly targeted at telecoms companies, small businesses and private individuals, with different modules customized for stealing particular kinds of information. Symantec found about 100 entities infected with Regin in 10 countries, mostly in Russia and Saudi Arabia, but also in Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan

A first version of Regin was active between 2008 and 2011. Symantec began analyzing a second version of Regin about a year ago that had been forwarded by one of its customers, said Liam O’Murchu, a Symantec researcher, in a phone interview Sunday.

But there are forensic clues that Regin may have been active as far back as 2006. In fact, Symantec didn’t actually give Regin its name. O’Murchu said Symantec opted to use that name since it had been dubbed that by others in the security field who have known about it for some time.

If Regin does turn out to be 8 years old, the finding would mean that nation states are having tremendous success in avoiding the latest security products, which doesn’t bode well for companies trying to protect their data. Symantec didn’t identify who it thinks may have developed Regin.

Symantec waited almost a year before publicly discussing Regin because it was so difficult to analyze. The malware has five separate stages, each of which is dependent on the previous stage to be decrypted, O’Murchu said. It also uses peer-to-peer communication, which avoids using a centralized command-and-control system to dump stolen data, he said.

It’s also unclear exactly how users become infected with Regin. Symantec figured out how just one computer became infected so far, which was via Yahoo’s Messenger program, O’Murchu said.

It is possible the user fell victim to social engineering, where a person is tricked into clicking on a link sent through Messenger. But O’Murchu said it is more likely that Regin’s controllers knew of a software vulnerability in Messenger itself and could infect the person’s computer without any interaction from the victim.

“The threat is very advanced in everything it does on the computer,” O’Murchu said. “We imagine these attacks have quite advanced methods for getting it installed.”

Telecom companies have been particularly hard hit by Regin. Some of the companies have been infected by Regin in multiple locations in multiple countries, Symantec found.

The attackers appear to have sought login credentials for GSM base stations, which are the first point of contact for a mobile device to route a call or request data. Stealing administrator credentials could have allowed Regin’s masters to change settings on the base station or access certain call data.

Regin’s other targets included the hospitality, airline and ISP industries, as well as government.

“We do not think [Regin] is a criminal type of enterprise,” O’Murchu said. “It’s more along the lines of espionage.”

(PCW)

Samker's Computer Forum - SCforum.info


devnullius

  • SCF VIP Member
  • *****
  • Posts: 3614
  • KARMA: 157
  • Gender: Female
    • SCForum.info
Re: Meet the Regin - Another malware developed by a nation state !?
« Reply #1 on: 25. November 2014., 00:33:55 »
I can't even comment on these things any more... It just numbs the brain :(

Devvie
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Samker's Computer Forum - SCforum.info

Re: Meet the Regin - Another malware developed by a nation state !?
« Reply #1 on: 25. November 2014., 00:33:55 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023