- Best Practice (18)
- deposited material (9)
- Developer Escrow Agreement (5)
- G-Cloud (5)
- green technology (1)
- ISO 9001 (11)
- MirrorWeb (1)
- Saas (13)
- Software (16)
- Software Escrow (30)
- Software Escrow Agreement (20)
- Software Escrow Cost (6)
- source code (9)
- Source Code Escrow (14)
- Technology (3)
- TES – Directors (1)
- total escrow solutions (3)
- Uncategorized (5)
- Website Security (1)
When Security Firms Get It Wrong
February 2, 2015
Users of security software are generally pretty trusting of the software tasked with protecting them from everything nasty on the internet, the software appears to sit there neatly in the corner, update itself and protect as it should. But what happens when the security companies get it wrong? What if they underestimate the danger of a new threat or simply miss an up and coming virus of piece of malware?
Well thankfully it is pretty rare that security firms get it wrong, but recently they did. A piece of software deemed malware known popularly as Regin, went largely unnoticed for a matter of years, according to some industry experts. With some estimates of the software being in use since 2003, popular security software developers Kaspersky Labs first became aware of the malware in late 2012 while the worlds number one anti-virus software developers, Symantec took until later 2013 to add it to their database.
The exact origin and development of Regin remains somewhat unclear, Described as “extremely complex” and “stealthy” the spying program has been known to have stolen data from ISPs, energy companies, airlines and research-and-development labs worldwide, a security company has said. One of the strongest theories of Regins origins is that it has been developed by a western government as a targeted multi-purpose data collection tool that has been created by a “well-resourced teams of developers”.
So what is the reason for this underwhelming reaction from the security firms? Well to date only around 100 Regin infections have actually been identified. While this is a very insignificant volume, it only supports the claims that Regin is likely to be being used by a well-equipped nation as a spying tool. Symantec also state that Regin is extremely similar to other malware programs such as Stuxnet and Flame, which are known to have been developed by nations hoping to utilise them for spying purposes.
100 infections don’t sound like a lot but when you consider the targets, it becomes clear why the attacks are so significant. In 2010 Belgium telecoms company Belgacom was targeted by Regin, given the type of confidential information a telecoms company is likely to hold, this 1 attack alone has the capacity to reveal information that relates the entire population of Belgium. Other targets include similarly scaled companies that would be bound to have mass amounts of personal data relating to hundreds of thousands of individuals.
While the volume of attacks by Regin wasn’t significant enough to throw security firms into action then its capabilities should have been, It is believed that Regin has the ability to:
- Remotely access computers
- Take screenshots
- Take control of the computers
- Recover deleted files
- Download data from the computers it has access to
So while security firms generally do a great job in protecting individuals and businesses, they obviously hadn’t bargained for malware with this level of sophistication. While the puzzle of Regin continues it is difficult to see how they security firms will get a grip on such seemingly well developed and ever-evolving, professional spy software packages such as Regin.