Symantec: Regin Malware High-Level, Likely State Sponsored

Security firm Symantec says it has found a sinister and highly sophisticated piece of malware, which has somehow managed to evade security experts for more than six years. Dubbed 'Regin', the malware showcases high levels of technical competence, suggesting that it was likely developed by cyber espionage experts.

"The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible," Symantec said in a recent white paper on the subject. "Its design makes it highly suited for persistent, long-term surveillance operations against targets." (Source: symantec.com)

Regin Malware Extremely Hard to Detect

Symantec says there are a number of factors which make Regin a particularly effective type of malware. First, it's highly customizable, providing the cybercriminals using it "with a powerful framework for mass surveillance." Second, Regin is incredibly hard to detect. "Its authors have gone to great lengths to cover its tracks," Symantec says. (Source: pcworld.com)

That has led Symantec researchers to suggest that it may have taken years for Regin's authors to complete the project.

Symantec: No U.S. Infections -- Yet

So far, there is no evidence to suggest that Regin has been used against private or public organizations based in the United States. But Symantec says Regin has been employed in at least ten other countries, including Russia, Saudi Arabia, Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria, and Pakistan.

Russia and Saudi Arabia have faced the brunt of Regin-related attacks, Symantec says. (Source: cbc.ca)

Given Regin's growing popularity, it's expected American organizations will eventually be targeted by cybercriminals using the malware. It's also worth keeping in mind that, according to Symantec, roughly half of all Regin infections have involved private individuals or small businesses. In addition, Symantec says almost one-third of all Regin infections have involved the telecommunications sector, giving cybercriminals access to critical information.

Symantec admits that there's still a lot not yet understood about Regin, but promises that its research team will continue to study the threat and report back to the public.

What's Your Opinion?

Does it concern you that highly sophisticated malware such as Regin are 'in the wild' and operating covertly? How is it possible for a piece of malware to go undetected for six years? Where do you think Regin originated?