Security researchers have discovered a sophisticated piece of malware, Regin, which has been in use since at least 2008. This malware is cleverly designed to spy on computer systems around the world, and has been used to target private companies, governments, research institutes and individuals in 10 countries. According to research, this malware has been found on systems in Russia, Saudi Arabia, Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria, and Pakistan. More than half of all infections were on machines in Russia and Saudi Arabia alone.
Regin has the ability to remotely control the mouse and keyboard of the infected computer, take screenshots, record key presses, monitor network activity and recover deleted files. It was found to be targeting telecom companies and even internet providers with the aim of obtaining their customer data. Apart from this, airlines, energy utilities, research agencies, and hospitality companies were also targets of Regin.
According to researchers, specialist modules of this malware were found monitoring Microsoft Internet Information Services (IIS) network traffic, parsing mail from Exchange databases, and collecting administration traffic of telecom companies.
The level of resources deployed behind Regin indicates that it is one of the main cyber-espionage tools used by a nation state; that is, this malware is most probably state-sponsored. The US, Israel, and China are believed to be funding and executing such attacks.
Regin also exploited an undiscovered Yahoo Messenger vulnerability; hence, researchers speculate that it can use spoofed versions of popular websites or vulnerabilities in other applications to gain access to computer systems.
eScan recommends that organizations, software developers and website owners follow consistent privacy and security practices. They must also develop a process to ensure that all the latest security patches have been applied, so that cybercriminals are not able to take advantage of any vulnerability.
eScan also recommends that individuals follow the security practices below:
- Update your system with the latest antivirus software, such as eScan, that protects your system from all kinds of malware attacks.
- Enable the firewall on your computer system to ensure you are secure on local networks and the Internet.
- Keep your computer's security settings at a higher level. Configure your computer's AV settings to perform automatic system updates.
- Only install applications (apps) from trusted sources. Never download apps from unauthorized or illegitimate app stores.