
SA's networks at risk of Regin attack

By Bonnie Tubbs, ITWeb telecoms editor.
Johannesburg, 26 Nov 2014
Regin has been described by security researchers as groundbreaking and almost peerless.

It is only a matter of time before the cyber criminals or nation states behind malicious spying malware Regin turn their attention to SA - and the country needs to examine its critical information infrastructure and start taking proactive steps, before it is too late.

This is according to security experts, and follows further discoveries by security researchers about Regin, an advanced malicious software platform with roots going back as far as 2003.

After almost three years of tracking the malware, Kaspersky Lab experts recently uncovered what they say is the most distinctive and interesting feature of the platform: its ability to attack GSM networks. The firm says Regin is the first cyber attack platform known to penetrate and monitor GSM networks in addition to carrying out other "standard" spying tasks.

The attackers behind this platform have compromised computer networks in at least 14 countries around the world, says Kaspersky. The firm has so far identified victims in Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Syria and Russia.

Symantec describes Regin, a backdoor-type Trojan, as "a complex piece of malware whose structure displays a degree of technical competence rarely seen". More detail on the malware and its technical construction is given in the new technical white paper published by Symantec, the maker of the Norton anti-virus products.

Network vulnerability

Speaking about Regin's recently discovered ability to spy on GSM networks, director of Kaspersky Lab's global research and analysis team, Costin Raiu, says people have become too dependent on mobile phone networks that rely on "ancient" communication protocols with little or no security available for the end-user.

"Although all GSM networks have mechanisms embedded, which allow entities such as law enforcement to track suspects, other parties can hijack this ability and abuse it to launch different attacks against mobile users."

Manuel Corregedor, operations manager at Wolfpack Information Risk, says, while he is not familiar with the technologies used on SA's GSM networks, given the advanced nature of Regin and its ability to adapt and target differing architectures, the country's networks "could very well be vulnerable".

Corregedor says the cyber criminals and/or nation states behind this malware appear to be well-funded and very knowledgeable. "If they wanted to target South African GSM networks, it would be entirely feasible to do so."

A breach of this type would directly affect the privacy of all consumers, Corregedor notes, as cyber criminals would be able to monitor calls being routed through the GSM networks.

As for SA's network operators, he says it would - as with any breach - adversely affect the companies' reputation and brand, possibly resulting in a loss of customers. "There would also be costs involved in removing the infection and dealing with any damage it may have caused."

Protection

Corregedor says Regin is a huge threat to privacy, and companies that hold any information (intellectual property and consumer information, for example) that could be of value to cyber criminals, and in particular to nation states, should be on guard.

He says SA's network operators need to take a proactive approach towards protecting themselves. "In the case of Regin, there have been reports that the malware was spread through the use of social engineering (tricking the user into installing the malware). Therefore, the approach needs to take into consideration not just technology (anti-malware, firewalls, etc) but also training and awareness as a means of addressing this and all threats.

"Additionally, all network operators should establish an incident response plan to deal with such malware infections when they do happen. Unfortunately, in today's world it's not a matter of if you will be infected, but rather a question of when."

Vodacom spokesperson Richard Boorman says the company's IT security team is aware of the Regin threat and is on top of it. "[The team] has updated our systems to combat it." He says the operator has an entire department dedicated to dealing with IT security, and this deals with literally thousands of attacks on a daily basis. "As each new threat emerges, we take immediate steps to address it."

Citing the security team on Regin malware, Boorman adds: "The most important action for users is to ensure they have the latest anti-virus signatures loaded and also ensure they have patched all devices."
