Regin: the GSM malware


Thought viruses were only for computer and mobile operating systems? Then the latest research by Kaspersky Lab’s Global Research and Analysis Team might change your mind. The report puts the spotlight on a malicious platform named “Regin” that is capable of monitoring and attacking GSM networks. Yes, that’s the same interface your phone uses to make calls and send texts.

Kaspersky Lab speculates that the platform, detected in 2012, has compromised networks in more than 14 countries. From then until now, the malware has been detected sporadically all over the world, but the attacks have been unrelated to each other and functioned cryptically without context.

Samples obtained by the research team indicated that Regin is not a single program, but rather, an entire platform/software package composed of various modules capable of infecting all network levels of target institutions.

Kaspersky Lab has observed that although multiple organizations were affected in one country, only one of them was directly communicating with a foreign command and control server. This was because Regin connected all victims through a peer-to-peer virtual private network, allowing command execution and information theft via a single entry point.

This style of attack allowed Regin to remain undetected for years without alarming anybody.

Another interesting feature of Regin is its ability to infiltrate GSM networks to gain access to a particular cell, redirect calls, activate other cells, and carry out other offensive activities, including information theft.

“The ability to penetrate and monitor GSM networks is perhaps the most unusual and interesting aspect of these operations. In today’s world, we have become too dependent on mobile phone networks which rely on ancient communication protocols with little or no security available for the end user,” said Costin Raiu, Director of Global Research and Analysis Team at Kaspersky Lab.

“Although all GSM networks have mechanisms embedded which allow entities such as law enforcement to track suspects, other parties can hijack this ability and abuse it to launch different attacks against mobile users,” Raiu added.
