Introducing Regin, Malware Powerhouse

Sometimes, malware is a light drizzle – nothing that a little bit of protective gear won't stave off. Other times, it's a hailstorm, and requires more of an effort to defend against. But on rare occasions, malware is an earthquake – something so powerful that it shakes the very idea of security online. The new malware strain called 'Regin' belongs in this last category.

Run Silent, Run Deep

These days, cybersecurity whizzes are pretty adept at finding and identifying new malicious strains as they emerge. Much like doctors, Internet security experts are always on the lookout for new infections – as well as how to immunize people's computers and mobile devices against them. Usually, it doesn't take long for a new cybersecurity threat, once disseminated, to be detected by an expert working for the good guys. So to hear that a strain of malware has been worming its way around systems undetected for perhaps more than a decade is shocking to say the least.

The newly identified malware – which has been termed 'Regin' – was identified by popular security group Symantec, according to CNN Money. A widespread investigation by Symantec into this malicious strain uncovered that the malware has been active in at least 10 countries. Its targets – or at least the majority of victims – seem to be businesses, particularly small and medium-sized enterprises. But in revealing its report about Regin, Symantec did not provide the answers to perhaps the most central questions: What is the risk it poses? Why was it made? And just who exactly made it?

Not Your Typical Malware

As many news sources have reported, the reason Symantec may have dodged these questions is that the answer is too complex and controversial for a brief explanation to encapsulate. Without explicitly stating it, Symantec's report on Regin suggests that the particular design of the malware, as well as the data it goes after, indicates it is not a conventional strain of malware but instead a highly advanced government spying tool. This would certainly help explain why Regin has enjoyed such a long period of unobserved malicious activity.

Now that Regin is out in the open, there's hardly a critical consensus as to why it was made in the first place and what kind of threat it poses. ComputerWorld collected some of the responses among reporters and experts to the news about Regin. Here's what a few had to say:

  • Nancy Weil, Managing Editor of IDG News Service: The malware "was likely developed by a nation state and has been used to spy on governments, infrastructure operators, businesses, researchers and individuals since at least 2008."
  • Morgan Marquis-Boire, Claudio Guarnieri, and Ryan Gallagher, The Intercept: "Regin appears to have been developed over the course of more than a decade," they stated. "The Intercept has identified traces of its components dating back as far as 2003."
  • Dan Goodin, Ars Technica: Goodin, like Weil, states that research places the originating year at around 2008.

So there are definitely divergent reports here, but one thing remains clear: Regin is an enormous threat, and a powerful one, too. For a strain of malware to function undetected for between six and 11 years is like a disease ravaging the world for decades without anybody being able to pinpoint it. In tech time, six years is forever. And 11 years ago – well, that predates Facebook, so it's positively medieval.

Now that news about Regin is out there, more stories are guaranteed to follow. Maybe we'll get the answers we want. Maybe we won't. But one thing is certain: With threats like Regin out there, you can never take security for granted.