Lancope CTO - TK Keanini: ’Regin’, Stealth malware compared to Stuxnet

November 2014 by Lancope CTO - TK Keanini

Regin is a sophisticated piece of malware, revealed by Symantec last night, that targets specific users of Microsoft Windows-based computers. It has been compared to Stuxnet and is thought to have been developed by "well-resourced teams of developers", possibly a western government, as a targeted multi-purpose data collection tool.

Commenting on this, Lancope CTO - TK Keanini - said: "As threats become more advanced, defences in turn must also advance which makes the game not Information Technology, but the game of innovation. When you look at this stuff for a long time, you begin to realise that beautiful design is just beautiful and elegant. It is difficult not to applaud a beautifully designed system no matter what team you’re on.

If you asked me what Regin’s main objective was, I would not answer surveillance. I would answer evasive and stealth operations because, without it, surveillance and any other objective could not be performed.

Einstein was quoted as saying that problems cannot be solved at the same logical level they have been created, so the most effective defensive strategy is to leverage technical adjacencies to Regin’s operations that will detect it early in its lifecycle. For example, while there are encryption and clever covert channels being used for communication, with the right detection algorithms (not signatures) these protocol anomalies are obvious. These custom TCP and UDP protocols will show up in state-of-the-art anomaly detection and let your signature-based security tools take care of the other threats."

