A sophisticated Trojan called “Regin” has been discovered by researchers, but this should not be the concern to the general public that Shellshock or Heartbleed once were before.
A Trojan that could only be described as “extremely complex” and “stealthy” has been spying on information and data from Internet Service Providers for years, likely dating back to 2008 or further. Even worse the scope of the data that was being retrieved was far beyond just service providers. In fact, energy companies, airliners, and research-and-development labs were all likely to have been previous targets by the Trojan and the group that put the bug together.
According to Symantec, a security company, the thing being referred to as “Regin” is masked incredibly well and was put together with a “degree of technical competence rarely seen.” Many went on to note that it likely took years, upon years, to develop Regin. It’s worth noting that some have speculated that a nation, or state wrote the Trojan originally to breach other data walls, and to further “spying campaigns,” but it appears as though this one is relatively harmless to the typical user.
Russia and Saudi Arabia were the two nations most aggressively hit by “Regin” accounting for more than half of the attacks that occurred globally, and accounting for 28% and 24% of the attacks respectively. However, researchers were quick to point out that “Many components of Regin remain undiscovered, and additional functionality and versions may exist.” They went on to note that “its design makes it highly suited for persistent, long-term surveillance operations against targets.”
However, Jason Steer, of the security firm FireEye pointed out a few things of importance with regards to this malware. He noted that “It’s a challenge to the whole security industry as to how they find these malicious and sophisticated pieces of code,” going on to say that “It’s clearly been written by someone that has much more than making money in mind.”
In essence, this piece of malware is incredibly important to the intelligence community, but has far fewer applications in the real, or personal-computing space, and that ultimately is what is most important to consumers. While large companies could be impacted by this, we still aren’t talking about something as widespread as Heartbleed, or Shellshock, where in theory, every computer is at stake – and every piece of information that you have is at stake – directly.