- Insights
- Cryptocurrencies
- Stocks
- White Papers
- Industry
- Geography
Developers have shown a stronger desire to study and master the Rust programming language during the past several years, but they are not the only ones. Ransomware gangs are increasingly coding or rewriting their software in Rust, according to recent findings by cybersecurity researchers.
According to a security assessment issued in December by Trend Micro, the Agenda group recently released a version of its ransomware that had been rewritten in Rust and had been used to attack IT and manufacturing firms. The initial Go-written version of this crypto-locking virus targeted healthcare and educational institutions. Rust-based ransomware makes it more difficult to protect against.
According to Trend Micro researchers, "At the moment, it appears that its threat actors are migrating their ransomware code to Rust as recent samples still lack some features seen in the original binaries written in the Golang variant of the ransomware." Rust is becoming more often used by threat actors because it is more challenging to analyze and is less frequently picked up by antivirus software.
According to Andrew Hay, chief operating officer of Denver-based LARES Consulting, many of the qualities that make Rust a growingly popular language with developers and coders now make it attractive for attackers seeking a competitive advantage to get beyond organizations' security defenses.
Rust-based malware has also been used by other ransomware-as-a-service organizations including BlackCat, Hive, and RansomExx, making it simpler to adapt the code for Windows or Linux-based computers, according to Trend Micro research.
The ability to directly access hardware and memory is perhaps one of Rust's two greatest advantages. Other languages make it impossible to develop extremely low-level code, but C# allows it. The operating speed of Rust is the second key advantage. Hay recently told Dice that the language provides excellent speed while assuring memory safety. "Rust is the perfect language to use if you're going to create something like ransomware that depends on speed and processing efficiency."
Ironically, one reason why Rust is gaining popularity is that it enables programmers to write code that is less prone to security flaws and problems than code written in certain other programming languages.
According to Melissa Bischoping, director of endpoint security research at Tanium, "Rust has many built-in safeguards that prevent you from easily compiling code with some common vulnerabilities in it; this protection addresses some of the long-standing issues with like C and C++ that have led to many buffer overflow and use-after-free vulnerabilities over the years."
"Rust is safer to use and performs well. We can anticipate an increase in demand for developing it, reversing it, and safeguarding it because it is also fast expanding among some of the biggest software manufacturers in the market, Bischoping continued.
Security experts point out that organizations require IT personnel who are knowledgeable about Rust and are aware of the security ramifications of how Rust-based ransomware may target and harm susceptible infrastructure. This is because cybercriminals are now employing Rust.
Rust knowledge is required, according to Bischoping, to assist in the reverse engineering of malware created in the language. According to Bischoping, "Research, reverse-engineering, and detection capabilities also must constantly evolve to account for the new variations in malware as we've done for years. This is part of the ongoing cat-and-mouse game between attackers and defenders." Rust is an appealing alternative for at least a time since, "for now, at least, there are fewer tools and professionals highly skilled at reverse-engineering malware written in Rust."
According to Bud Broomhead, CEO of security company Viakoo, organizations require tech specialists on board who are knowledgeable with Rust and how it is applied to increase the security of apps as the language gains popularity among developers and hackers. Understanding how a basic set of approaches may be used by bad actors to develop their virus is also crucial.
"Rust itself is inherently more secure and efficient; it may give developers an advantage against cybercriminals, even if those same threat actors themselves use Rust," Broomhead said to Dice. Organizations will search for the most effective method to create functions that can be utilized across many operating systems and device kinds, just like Java did many years ago.
