Typical organizational security measures include signature recognition, or even context recognition, to identify malware inside the network. Attackers, forever creative, have begun to use less common languages either to write their malware or to write a file dropper that places the malware on disk or in memory.
There are several reasons why an attacker may wish to use uncommon languages. As these languages develop, they become cross-platform, allowing attackers to use one piece of malware across many different systems without rewriting it for each type. Researchers at BlackBerry have identified Go, Rust, DLang, and Nim as the uncommon languages currently used most often. Because these languages are uncommon, organizations may lack signatures to identify the code, and in some cases the binaries are complex and much harder for security professionals to analyze. Additionally, these languages, Rust especially, use less memory and have lower requirements for execution, a property often used to target Internet of Things devices, which may have lower-end components.
Last year’s FireEye breach, which resulted in the loss of the organization’s red team tools, showed that many of these tools were written in uncommon languages, including Rust and Go. Because current system configurations may not recognize these languages or the code as a threat, wrapping traditional malware as an encrypted file inside code written in these languages may allow attackers to bypass traditional security measures. It is also important to note that security professionals may not be familiar with these languages, which means there is a distinct learning curve that attackers can take advantage of to infiltrate systems.
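Where language-specific signatures are missing, a first triage step is to look for the runtime strings these four toolchains tend to leave in their binaries. The following is an added example, not code from the article or from the BlackBerry research; the marker list, function names and sample bytes are assumptions chosen for illustration, and stripped or packed binaries may carry none of these strings.

```python
"""Guess which toolchain built a binary from runtime strings it leaves behind."""
import sys

# Heuristic markers (assumed list, not exhaustive) per language named above.
MARKERS = {
    "Go": [b"\xff Go buildinf:", b"Go build ID:", b"runtime.gopanic", b"runtime.goexit"],
    "Rust": [b"/rustc/", b"rust_begin_unwind", b"rust_eh_personality", b"rust_panic"],
    "Nim": [b"NimMain", b"nimGC_", b"system.nim", b"fatal.nim"],
    "DLang": [b"_Dmain", b"_d_run_main", b"druntime", b"core.exception"],
}


def find_markers(data: bytes) -> dict:
    """Return {language: [markers present]} for every language with a hit."""
    hits = {}
    for lang, markers in MARKERS.items():
        found = [m for m in markers if m in data]
        if found:
            hits[lang] = found
    return hits


def classify(data: bytes, min_hits: int = 2) -> str:
    """Name a toolchain only when at least min_hits distinct markers agree.

    One stray string (for example a path mentioned in a help message) is too
    weak to act on, and two languages reaching the threshold is reported as
    ambiguous so an analyst looks at the file by hand.
    """
    strong = [lang for lang, found in find_markers(data).items()
              if len(found) >= min_hits]
    if len(strong) == 1:
        return strong[0]
    return "ambiguous" if strong else "unknown"


# Constructed sample bytes, not taken from any real binary.
SAMPLE_GO = (b"\x7fELF\x02\x01" + b"\x00" * 16
             + b"\xff Go buildinf:\x08\x02" + b"runtime.goexit\x00")
SAMPLE_WEAK = b"MZ\x90\x00 see /rustc/ docs for details"
SAMPLE_MIXED = SAMPLE_GO + b"NimMain\x00nimGC_setStackBottom\x00"

if __name__ == "__main__":
    # Usage: python triage.py FILE [FILE ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify(fh.read()))
```

A result of "unknown" only means none of these strings were found; it says nothing about whether the file is benign.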
Training in new technology becomes important for security professionals, and an effective security team should have up-skill training as a percentage of work and as a baseline component of the job. An organization that fails to advance the knowledge of its employees will surely be left behind or become the next big headline of a security breach.
Reference: Sheridan, K. (26 July 2021). ‘Attackers’ Use of Uncommon Programming Languages Continues to Grow.’ Dark Reading (darkreading.com).