Hackers Using Obscure Programming Languages to Evade Detection

  • By Dawna M. Roberts
  • Aug 19, 2021

 ZDNet reported this week that malware developers are turning to obscure or “exotic” programming languages to “hamper analysis efforts,” and evade detection.

What is Going On?

Researchers at Blackberry issued a report on Monday claiming that hackers are increasingly resorting to languages like Go (Golang), D (DLang), Nim, and Rust to evade detection and analysis by threat assessors.

ZDNet expands on this “In particular, malware developers are experimenting with loaders and droppers written in these languages, created to be suitable for first and further-stage malware deployment in an attack chain.”

The BlackBerry researchers also mention that these languages are used for droppers and loaders to avoid detection on the initial device. Then once the malware has avoided detection, it is deployed to load other types of malware, including Trojans.

According to the report, some examples are “Remote Access Trojans (RATs) Remcos and NanoCore. In addition, Cobalt Strike beacons are often deployed.”

Other gangs with sophisticated programming skills are completely rewriting their malware in these unusual languages, such as Buer, which was revised to become RustyBuer.

One of the most commonly used languages now is Go. ZDNet explains, “both advanced persistent threat (APT) state-sponsored groups and commodity malware developers are taking a serious interest in the programming language to upgrade their arsenals. In June, CrowdStrike said a new ransomware variant borrowed features from HelloKitty/DeathRansom and FiveHands but used a Go packer to encrypt its main payload.” Along with Go, DLang is also becoming very prominent in cybercriminal circles.

“By using new or more unusual programming languages, the researchers say they may hamper reverse-engineering efforts and avoid signature-based detection tools, as well as improve cross-compatibility over target systems. The codebase itself may also add a layer of concealment without any further effort from the malware developer simply because of the language in which it is written,” ZDNet commented.

VP of BlackBerry’s Threat Research, Eric Milam, says, “Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies. This has multiple benefits from the development cycle and inherent lack of coverage from protective solutions. It is critical that industry and customers understand and keep tabs on these trends, as they are only going to increase.”

New Malware coding language

Ransomware an Ongoing Ever-Changing Threat

Ransomware has become such an enormous threat to individuals and businesses that governments are finally taking notice and enacting strict regulations against cybercriminals that include harsh punishments. Some administrations, like the U.S., are even considering penalizing the victim if they pay any ransom to the threat actors.

As these threats come and go, they continue to evolve, increasing the danger and making it much harder for threat researchers to identify, mitigate, and prevent attacks. So, where does that leave us now?

According to a Sophos Report for 2021, some key findings include:

  • 37% of respondents’ organizations were hit by ransomware in the last year. 
  • 54% that were hit by ransomware in the last year said the cybercriminals succeeded in encrypting their data in the most significant attack. 
  • 96% of those whose data was encrypted got their data back in the most significant ransomware attack. 
  • The average ransom paid by mid-sized organizations was US$170,404
  • However, on average, only 65% of the encrypted data was restored after the ransom was paid. 
  • The average bill for rectifying a ransomware attack, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc., was US$1.85 million
  • Extortion-style attacks where data was not encrypted, but the victim was still held to ransom have more than doubled since last year, up from 3% to 7%
  • Having trained IT staff who are able to stop attacks is the most common reason some organizations are confident they will not be hit by ransomware in the future.”
 
About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Weekly Cybersecurity Recap February 16

Weekly Cybersecurity Recap February 16

This week was particularly active in Cybersecurity—attacks rained upon all states, from the Great Basin of Nevada to the Volcanoes of Hawaii.

462k Hawaiians and Patients Exposed by Health Network Cyberattack

462k Hawaiians and Patients Exposed by Health Network Cyberattack

Navvis & Company is a comprehensive healthcare network throughout the US, including Hawaii. They offer scalable healthcare services that push patients towards their health and wellness goals while supporting providers' roles to achieve those milestones.

National Vascular Care Provider Confirms Cyber Attack; 348k Exposures

National Vascular Care Provider Confirms Cyber Attack; 348k Exposures

Azura Vascular Care operates a national network of health and wellness centers. They specialize in minimally invasive procedures and strive to treat vascular conditions in comfortable, out-patient settings.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Close
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close