02/12/14

Client ALERT - Regin Super Spyware

Security firm Symantec last week identified a highly complex, sophisticated, intelligence-gathering spyware tool named Regin. The malware is believed to have been systematically stealing data from ISPs, energy companies, airlines and R&D labs for over 6 years. The threat from the malware is so serious that Symantec hosted an online Cyber Security Summit of experts on Dec 1st to help businesses protect themselves from the threat.

The spyware appears to infect victims’ PCs running Windows. It may gain access through fake or spoofed versions of well-known websites, but it is not yet certain if this is the case. It may also be able to exploit vulnerabilities in out-of-date web browsers. The spyware then gradually infiltrates its victims’ devices and stealthily covers its tracks at every stage.

Regin is believed to be able to:

  • Access victims’ computers remotely
  • Take screenshots
  • Steal data
  • Control a mouse pointer
  • Recover deleted files

This complex malware is so advanced that many argue it must have originally been written by a well-equipped nation state for use by its own intelligence agencies.

What is the scale of the infection?

So far only around 100 known infections of Regin have been identified; Symantec has recognised 48% of these infections as private individuals or small businesses. All the Regin infections have so far been outside the UK. However, this does not include similar variants of the malware which may now be doing the rounds. It is vital that you have measures in place to protect yourself and your business against malware and virus infections.

How can you protect your business?

  • Anti-Virus – Ensure a reliable and up-to-date
    Anti-Virus is installed on your server and all workstations.
  • Spam-Filtering – Our spam filtering service will
    filter all inbound mail, blocking any spam or infected emails.
  • Updates – Ensure all software you use, your web
    browsers and Windows updates are up to date and running the latest
    version.
  • Be vigilant – If you receive a suspicious email,
    delete it immediately and do not click on any links or open any attachments. If
    you believe your machine may be infected, disconnect it from the internet
    and business network and contact your IT provider.
  • Disaster recovery – Have a back-up and data
    recovery plan in place. If the worst should happen, a recent backup can be
    restored to ensure minimal data loss.

Contact Us

If you have any questions about anything mentioned in this article, do contact us on 01952 684030 or email katy@networksupportsolutions.co.uk.