The Regin malware platform, which many commentators think was developed by a national security agency of a sophisticated western government, such as the UK, USA or Israel, has taken malware to a new level of sophistication through the modularisation of the application platform, and the sequential, layered nature of the platform implementation on a target system. If this was indeed developed by such an organisation, whose remit is to protect the public, then while it remained undetected it may have given them a sophisticated edge for spying on others. However, I find it somewhat ironic that, now that this malware platform has been analysed by Symantec and Kaspersky Lab and the architectural concepts and ideas are out there for the bad guys to exploit, the whole cyber world has become a more dangerous place.
Why ‘Regin’ Malware Changes Threatscape Economics

Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.

Recently, Symantec and Kaspersky Lab released research on an advanced persistent threat (APT) dubbed Regin. Symantec focused on the software’s technical sophistication, its use as an espionage tool, and indications of nation-state origins. Kaspersky concentrated on victimology, the attackers’ objectives, and the compromise of at least one cellular communications network. Impressive (or terrifying, depending on your point of view) as these attributes are, Regin’s real impact on the threatscape is programmatic in nature: Regin fundamentally shifts the economics and timelines of APT development and deployment in the attackers’ favor.