This year has been one of the worst for cyber security professionals. Over the past 12 months white hats have been forced to contend with targeted attacks on critical infrastructure, and gaping security bugs in open source technologies acting as the backbone of the internet.
Most recently these problems have been compounded by the discovery of a fresh, sophisticated malware campaign codenamed Regin.
What is Regin?
Regin was originally discovered by researchers at security firm Symantec. The malware is particularly dangerous as it adopts the same modular strategy as other sophisticated threats, such as Stuxnet and Mask.
The modular nature of Regin lets its creators quickly add new powers to the malware or customise it to avoid specific defences.
Symantec researchers explained in a blog post: "Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen.
"Customisable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations.
"Regin also uses a modular approach, allowing it to load custom features tailored to the target. This modular approach has been seen in other sophisticated malware families such as Flamer and Weevil (The Mask), while the multi-stage loading architecture is similar to that seen in the Duqu/Stuxnet family of threats."
Symantec believes that Regin is designed to collect information from its targets. However, some researchers have questioned whether espionage is Regin's actual goal.
Lancope CTO TK Keanini suggested that Regin's focus on staying hidden on infected systems for prolonged periods indicates that it could be designed as the first stage of a wider, more sinister plot.
"If you asked me what Regin's main objective was, I would not answer surveillance. I would answer evasive and stealth operations because, without it, surveillance and any other objective could not be performed," he said.
F-Secure security analyst Sean Sullivan mirrored Keanini's sentiment, pointing out that Regin has the potential to be used for far more than espionage and that new functions will be found in the near future.
"Regin is an advanced platform, and a lot of what's being written about thus far are payloads. I suspect we'll learn much more as everybody now starts to make connections," he said.
How it infects systems
The exact infection tactics used and exploits targeted by Regin remain unknown, as Kaspersky Lab pointed out in the firm's "Regin Platform: Nation-State Ownage of GSM Networks" threat paper.
"The exact method of the initial compromise remains a mystery, although several theories exist, which include man-in-the-middle attacks with browser zero-day exploits," the paper said.
"For some of the victims, we observed tools and modules designed for lateral movement. So far, we have not encountered any exploits."
The lack of a clear attack strategy underlines just how sophisticated the malware is, again giving credence to the idea that it has been created by Western intelligence agencies.
Who and what is Regin targeting?
Kaspersky Lab reported finding 27 Regin victims, including telecom operators, government institutions, multi-national political bodies, financial institutions, research institutions and "individuals involved in advanced mathematical/cryptographical research".
The firm said it has seen infections in Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia and Syria.
How long has it been going on?
There is currently a debate regarding how long Regin has been active. Symantec reported uncovering infections from 2008 onwards. However, Kaspersky has reported uncovering Regin samples with timestamps dating back as far as 2003.
Is it state sponsored?
Many researchers have suggested that the sophisticated nature of Regin, combined with the fact that it does not appear to be targeting the UK or US, as most high level threats do, indicates it may have been created by the two Western powers.
F-Secure's Sullivan told V3 that Regin's advanced nature means it is undoubtedly state-sponsored, but pointed out that it is too early to know who created it.
"This is nation-state stuff. [But] Regin is very rare. It is used very sparingly, which is part of its strength - excellent operational security," he said.
Piers Wilson, head of product management at advanced threat mitigation specialist Tier-3, added that while it may be too early to say definitively that Regin is state sponsored, it appears highly likely that it is.
"We've seen the same [state-sponsored] reports, but don't have any more information, evidence or research to clarify this point. Certainly it appears to be clever, sophisticated and patient," he told V3.
How to stay safe
The targeted victim base and the lack of UK infections indicate that the majority of UK businesses should be safe from Regin in its current form.
F-Secure's Sullivan noted: "Regin won't directly affect businesses unless among the limited number of targets. Other nation states may get ideas but I don't think they'll directly borrow based on our investigations into Russian and Chinese APTs."
However, despite this, members of the security community have cited Regin as evidence that firms need to take a more proactive approach to cyber defence.
Stephen Bonner, a partner in KPMG's cyber security practice, highlighted the multitude and frequency of new threats being discovered as proof that businesses must re-evaluate their security strategies.
"Another day, another cyber espionage tool," he said. "Firms need to think carefully about how they protect their most sensitive information as well as being vigilant in detecting and being ready to respond to sophisticated attacks."
Lancope's Keanini agreed and suggested that firms could learn from Regin when it comes to early detection technology.
"The most effective defensive strategy is to leverage technical adjacencies to Regin's operations that will detect it early in its lifecycle," he said.
"For example, while there are encryption and clever covert channels being used for communication [in Regin], with the right detection algorithms (not signatures) these protocol anomalies are obvious."
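To make the anomaly-versus-signature point concrete, the following is an added illustration and not code from Lancope, Keanini or any of the researchers quoted in this article. It looks for one behavioural trait the quote alludes to, a covert channel that phones home on a regular schedule with near-identical message sizes, by measuring the regularity of connection intervals and payload sizes per source/destination pair in a small constructed connection log. No signature of any particular malware is involved; the thresholds and log format are assumptions chosen for the example.

```python
"""Beaconing detector over a constructed connection log (added example).

Assumed log format, one record per line: timestamp_seconds,src_ip,dst_ip,dst_port,bytes
"""
import statistics
from collections import defaultdict

# Constructed sample data: the first host contacts one address every ~60 s
# with ~512-byte messages (beacon-like); the second host's traffic is bursty
# and variable in size, as ordinary browsing tends to be.
SAMPLE_LOG = """\
1000,10.0.0.5,203.0.113.9,443,512
1060,10.0.0.5,203.0.113.9,443,515
1120,10.0.0.5,203.0.113.9,443,510
1181,10.0.0.5,203.0.113.9,443,512
1240,10.0.0.5,203.0.113.9,443,514
1300,10.0.0.5,203.0.113.9,443,511
1003,10.0.0.7,198.51.100.20,443,2300
1045,10.0.0.7,198.51.100.20,443,900
1301,10.0.0.7,198.51.100.20,443,41000
1420,10.0.0.7,198.51.100.20,443,1200
1422,10.0.0.7,198.51.100.20,443,130
"""


def parse_log(text):
    """Group (timestamp, bytes) events by (src, dst, dst_port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split(",")
        flows[(src, dst, int(port))].append((int(ts), int(nbytes)))
    return flows


def _cv(values):
    """Coefficient of variation: population std dev divided by the mean.
    Values near 0 mean the series is almost constant."""
    mean = statistics.mean(values)
    return statistics.pstdev(values) / mean if mean else float("inf")


def beacon_score(events, min_events=4):
    """Return (interval_cv, size_cv) for a list of (timestamp, bytes) events,
    or None when there are too few events to judge regularity."""
    if len(events) < min_events:
        return None
    events = sorted(events)
    intervals = [b[0] - a[0] for a, b in zip(events, events[1:])]
    sizes = [e[1] for e in events]
    return _cv(intervals), _cv(sizes)


def find_beacons(flows, interval_cv_max=0.1, size_cv_max=0.1):
    """Flag flows whose timing and message sizes are both suspiciously regular.
    The thresholds are assumptions for this example, not tuned production values."""
    hits = []
    for key, events in flows.items():
        score = beacon_score(events)
        if score is None:
            continue
        interval_cv, size_cv = score
        if interval_cv <= interval_cv_max and size_cv <= size_cv_max:
            hits.append((key, round(interval_cv, 3), round(size_cv, 3), len(events)))
    return hits


if __name__ == "__main__":
    for key, icv, scv, n in find_beacons(parse_log(SAMPLE_LOG)):
        src, dst, port = key
        print(f"beacon-like: {src} -> {dst}:{port} "
              f"interval_cv={icv} size_cv={scv} events={n}")
```

Because the check looks only at timing and size metadata, it works unchanged when the payload is encrypted, which is the point of preferring behavioural detection over content signatures. In practice the same logic would run over flow records from a collector, with thresholds tuned against a baseline of normal traffic and with known periodic services (update checks, monitoring agents) allow-listed to keep false positives down.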
Make sure to bookmark this page as V3 will be updating this article with fresh details about Regin as they become available.