"It is interesting to see how far you can go with 'just OK' attack vectors," he said, referring to the effective but relatively straightforward design of the software.
"You don't have to be that complex but what you really need to do is have good operations control and choose your targets carefully and that you are not being discovered."
The attack was determined in nature as suggested by the removal of old versions, he said.
He and fellow researcher Shahar Tal believed that the attackers avoided using spear phishing emails because this was too 'noisy'. The use of web servers would have been far harder to detect or close, particularly three years ago.
"People don't necessarily segment their networks to protect internal servers. My guess is we're going to see more of this if we haven't already. It was an effective choice," said Tal. "[Using web servers] is stealthy."
They believed that in addition to the hundreds of victims detected, many more remained to be discovered, suggesting a larger campaign.
The significance of Volatile Cedar is that it demonstrates not only that Middle-Eastern countries have the capability to perform cyber-surveillance on other countries including the US and Europe but that this has existed for over three years.
One way of looking at the last five years of cyber-warfare revelations is to see it as a slow unveiling of the way that geo-politics has been working for far longer than anyone realised. The world's understanding of cyber-warfare is only now catching up with the reality.
In February, Check Point bought the tiny Israeli security startup for $80 million.