November 25, 2014

4 cybersecurity lessons from Regin outbreak

Symantec's discovery of state-backed malware should serve as a warning to firms.

By Jimmy Nicholls

Symantec’s uncovering of the Regin virus has generated plenty of publicity for the malware, thought to have the backing of a state and taken years to create.

It is thought to have operated in the wild since at least 2008, and has been used to spy on governments and businesses alike. But what lessons should corporations and states draw from the attack, and what can be done to mitigate similar threats in the future?

1) Greater focus should be placed on detection

Aviv Raff, CTO of Seculert, argues that the lifespan of the malware shows that "traditional security solutions" are falling short of their intended goal. He blames this on an emphasis on preventing attacks rather than detecting them.

"Fortunately, we now see more and more enterprises moving budget away from prevention focused solutions and investing more in detection and response. As long as this budgetary trend continues, so will the presence of wide-scale undetected attacks. Something needs to change, and quickly."

2) Software is now more valuable than hardware

The need to protect and control software is taking precedence over the need to do the same to hardware, according to Jamie Longmuir, software monetisation expert at security firm SafeNet. Often this means protecting programs across devices, which can also be challenging.

"Various attacks show that the perceived secure environments are vulnerable, often because of the complexity of the system," he said. "So even the crucial application code of the system itself needs to get protected to limit the attack surface and therefore allow protecting the core in the most efficient way."

3) Malware is evasive, which perhaps explains its lifespan

We are now used to seeing long-term malware threats in the wild, particularly given some of the zero-day bugs found this year that have lurked unseen on systems for years. Pedro Bustamante, director of special projects at the security firm Malwarebytes, told us why the virus could escape detection for so long.


"The analysis shows it to be highly adaptable, changing its method of attack depending on the target," he said. "It also has some very advanced evasion techniques that make it suitable for spending long periods carrying out undercover surveillance. This is all complemented by the fact that it appears to be dropped via exploit, taking advantage of vulnerabilities in everyday applications."

4) It is also a platform with modular capabilities

A report from Kaspersky Lab, a security company, found that the virus was not merely a single tool but a platform with an array of capabilities. The modular nature of the malware meant it could infect entire networks and "seize full remote control at all levels".

"The ability to penetrate and monitor GSM networks is perhaps the most unusual and interesting aspect of these operations," said Costin Raiu, director of global research and analysis at Kaspersky. "In today’s world, we have become too dependent on mobile phone networks which rely on ancient communication protocols with little or no security available for the end user."
