Symantec recently revealed details of a cyber espionage campaign dubbed “Regin”. There is some debate about just how sophisticated the attacks are, and it is suspicious that there don’t appear to be any US targets. However, now that the malware has been made public, any malicious developer can employ the exploits and tactics, so it’s important for you to know how to avoid the threat.
I wrote a blog post about protecting yourself against Regin:
Regin, the latest malware threat, is also one of the more mysterious ones. When Symantec unveiled details of the new cyber espionage campaign last weekend, its researchers described it as a highly sophisticated threat with an unprecedented level of technical competence.
Security experts outside of Symantec, however, take issue with the assertion that Regin is an advanced malware attack. “Although Regin may have gone undetected in some environments, the malware is not particularly stealthy,” said Ken Westin, security analyst with Tripwire. “It makes a number of file changes and registry key changes, so signature-based antivirus products may be circumvented, but any organization monitoring for configuration changes in hosts would identify these changes.”
“This is no more and no less a threat than prior malware because it infects systems the same way, via browser exploit activated by clicking emailed links or visiting compromised websites,” agrees Kevin Epstein, VP of information security and governance for Proofpoint.
Read the full story at PCWorld: The Regin malware threat: Real protections against a mysterious danger.