Monday, November 24, 2014

New Stealth Malware Compared to Stuxnet

Regin is a sophisticated piece of malware, revealed by Symantec last night, that targets specific users of Microsoft Windows-based computers. It has been compared to Stuxnet and is thought to have been developed by "well-resourced teams of developers," possibly a Western government, as a targeted multi-purpose data collection tool.

Commenting on this, TK Keanini, Lancope's CTO, said, "As threats become more advanced, defenses in turn must also advance, which makes the game not Information Technology, but the game of innovation. When you look at this stuff for a long time, you begin to realize that beautiful design is just beautiful and elegant. It is difficult not to applaud a beautifully designed system no matter what team you're on.

"If you asked me what Regin's main objective was, I would not answer surveillance. I would answer evasive and stealth operations because, without it, surveillance and any other objective could not be performed.

"Einstein was quoted as saying that problems cannot be solved at the same logical level they have been created, so the most effective defensive strategy is to leverage technical adjacencies to Regin’s operations that will detect it early in its lifecycle. For example, while there are encryption and clever covert channels being used for communication, with the right detection algorithms (not signatures) these protocol anomalies are obvious. These custom TCP and UDP protocols will show up in state-of-the-art anomaly detection and let your signature-based security tools take care of the other threats."