Monday 24 November 2014

Sophisticated malware bug Regin detected

A sophisticated piece of malware believed to have been created by a government to obtain confidential information has been detected.
The bug, known as Regin, is believed to have been created in 2008 to spy on individuals, businesses and rival government organisations, according to computer security company Symantec.
Once the bug has breached a computer, it can gain control of the mouse pointer, recover deleted files and make copies of passwords.
Almost half of the attacks targeted individuals and small businesses, alongside telecoms companies in what appears to be an attempt to gain access to calls routed through their infrastructure.
Regin victims may have been tricked into using fake versions of well-known websites, resulting in the installation of the bug. The low-key nature of the bug means it could be used in espionage campaigns lasting several years, Symantec said in a blog post.
The news comes in the wake of the Information Commissioner calling for a website live-streaming scenes from 584 UK homes and businesses via internet-connected security cameras and webcams to be taken down.
A hacker gained control of the cameras through their remote log-in function, an easy function to abuse should the owner choose to keep using the default password the device was shipped with.
The anonymous creator of the Russian site told the Telegraph the hack was enabled by "laziness and IT ignorance" on the part of the public.
Stephen Bonner, a partner in KPMG’s Cyber Security practice, said Regin appeared to carry the fingerprints of a sophisticated cyber espionage operation, "possibly by a nation state".
"Firms need to think carefully about the how they protect their most sensitive information – their crown jewels– as well as being vigilant in detecting and being ready to respond to sophisticated attacks,” he said.
The bug has mainly infected computers in the Russian Federation, Saudi Arabia, Mexico and Ireland, according to research.
Symantec compared Regin with Stuxnet, a "large and complex" computer worm believed to have been developed to sabotage the Iranian nuclear research program by the US and Israel, making it the world's first digital weapon.

How to choose a secure password

• Do not keep the default password
• Choose a password with a combination of upper and lower case letters, numbers and keyboard symbols
• Choose a password containing at least eight characters - longer passwords are harder for criminals to guess or break
• Avoid using obvious passwords such as names or birthdays of people close to you or numerical passcodes or PINs that use ascending or descending number
• Don’t recycle passwords (for example password2, password3)
• Never disclose your passwords to anyone else, if you think that someone else knows your password, change it immediately
• Don't enter your password when others can see what you are typing
• Change your passwords regularly
• If you must write passwords down in order to remember them, make sure they are meaningless and unusable to other people by writing them in code.

(Article taken from

No comments:

Post a Comment