Tue | Jul 27, 2021 | 2:06 PM PDT

In cybersecurity there is a constant game of cat and mouse being played between defenders and threat actors.

New technologies create opportunities for improved efficiencies, the threat actor adapts, and the defender responds. It also works the other way around: a threat actor can adopt new technologies, forcing defenders to adapt their security.

SecureWorld just reviewed a newly released report from BlackBerry's Research & Intelligence Team on this topic. The report looks into how threat actors are currently adapting, as the team observed an increase in the use of uncommon programming languages.

Eric Milam, VP of Threat Research at BlackBerry, explains:

"Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies. That tactic has multiple benefits from the development cycle and inherent lack of coverage from protective products. It is critical that the industry and customers understand and keep tabs on these trends because they are only going to increase."

BlackBerry has identified four uncommon programming languages that have seen an increase in their use for malicious intent: Go, D, Nim, and Rust.

Challenges of uncommon programming languages

New programming languages are typically created to improve on existing languages, helping researchers prevent future threats. But BlackBerry says it is an "eventuality" that malicious actors will dissect the language and use it however they please.

In the past, we have seen malware written in uncommon languages, like VB6, reach near-epidemic levels because it was incredibly difficult for security researchers to reverse engineer. Although it is not as popular as it once was, VB6 malware and similar strains have paved the road for new languages today.

BlackBerry warns that history tends to repeat itself.

When attackers use exotic programming languages, it helps them hide their actions:

"An argument could be made that in the case of more uncommon programming languages, the language itself acts as a layer of obfuscation. Each of these languages is relatively new and has little in the way of fully supported analysis tooling. As such, they can appear quite alien under the hood.

"It is because of their relative youth and obscurity that the languages themselves can have a similar effect to traditional obfuscation and be used to attempt to bypass conventional security measures and hinder analysis efforts."

BlackBerry also describes how uncommon languages are being used in the loaders and droppers it has observed, which deploy commodity malware including Cobalt Strike:

"We're seeing a growing number of loaders and droppers written in uncommon languages. These new first-stage pieces of malware are designed to decode, load and deploy commodity malware such as the Remcos and NanoCore Remote Access Trojans (RATs) as well as Cobalt Strike. They have been used to help threat actors evade detection on the endpoint."

For more information on the increase in uncommon programming languages and best practices, read BlackBerry's "Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages."
