The emails typically included links to download Microsoft Office documents that used macros to drop the RustyBuer malware - a technique that Microsoft continues to battle against today. The campaign saw the rewritten strain being distributed as part of phishing emails masquerading as shipping companies, and other associated campaigns purporting to be from the likes of logistics company DHL. It used a pair of backdoors in order to compromise companies in the region, including one that was rewritten in Rust from Python.Īs mentioned previously, Proofpoint also published its research into the re-writing of the Buer malware, the Rust iteration of which it named RustyBuer in 2021. Doctor Web researchers discovered a Linux backdoor trojan with functionality limited to just four commands sent over internet chat relay (IRC).Ī year later, ESET published details of the TeleBots campaign that targeted Ukraine months before the NotPetya outbreak was observed. Examples of malicious Rust programsĮxamples of major malware programs written in Rust date back to 2016, shortly after the language was released. The parameters in Hive are also being constantly updated, Microsoft said, and when coupled with string encryption, makes analysis increasingly difficult. The newer Rust version of Hive ransomware places different parameters in the command line which means things like the credentials required to access the ransom payment site cannot be accessed by analysts from the individual sample itself. Rust is also a command line-driven language. Proofpoint said in one analysis that it has observed previous malware strains being rewritten in Rust to avoid detections based on features of the program written in C. Due to the comparatively complex way in which Rust code is compiled into machine-readable code, the language makes it difficult for analysts to view the inner workings of the program. Understanding the role of data storage in cyber resiliencyĪgain, Rust’s compiler is to thank for this. Storage's role in addressing the challenges of ensuring cyber resilience This, in turn, prevents them from being reverse engineered to release decryptors, which would kill its ability to generate business. Newer languages Like Rust and Go are thought to be better at disguising the ways in which they work from malware analysts. Rust is an incredibly safe language thanks to its compiler that outright refuses to compile unsafe code by default, meaning developers who code ransomware using Rust won’t even be able to run it unless the program is guaranteed to run in a stable way. Memory-unsafe programs are also responsible for the majority of software vulnerabilities in non-malicious software, according to Okta. Ransomware strains also need to remain operational – to continue to lock users out of their systems – in order for the ransom demands to be valid. Memory safety is hugely important when writing secure software as memory-unsafe programs can lead to crashes. ![]() ![]() Microsoft’s analysis agrees, stating Rust offers better memory, data type, and thread safety over other languages.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |