Companies that develop open-source methodologies and tools to address the challenges of complex language enable organizations to stay ahead of attackers
SentinelOne (NYSE: S), a global leader in AI-powered cybersecurity, and Intezer, a leader in AI technology for automated security operations, have unveiled a project that aims to highlight the blind spots surrounding Rust malware, so that threat experts can better understand and precisely identify this complex system before it reaches a critical mass threshold and puts the enterprise in trouble. As part of the initiative, researchers from SentinelLabs and Intezer collaborated to develop a methodology to make reverse engineering of Rust malware more accessible and to engage the security community in creating and releasing tools to address the problem.
“In malware analysis, the arrival of a new programming language introduces an entirely new set of challenges that hinder our ability to quickly grasp a threat actor's malicious intent,” said Juan Andrés Guerrero-Saade, AVP of Research at SentinelLabs. “In the current state of our tools, Rust is virtually impossible to reverse engineer, and as a result, many analysts avoid researching the Rust malware ecosystem. Together with Intezer, we intend to change this.”
In 2021, researchers at SentinelLabs took a similar approach to addressing the rise of Go malware, developing a Go malware analysis methodology dubbed “AlphaGolang.” The findings revealed that, once the underlying data is placed back into its proper context, reverse engineering Golang malware can often be easier than malware written in traditional programming languages.
“We've seen a similar trend with the Rust malware,” said Nicole Fishbein, Security Researcher at Intezer. “The same features of Rust that engineers value, such as memory safety, aggressive compiler optimizations, borrowing, and intricate types and traits, result in a perplexing tangle of code that surpasses even C++ in the complexity of individual abstractions. By drawing on insights from AlphaGolang's development, we can shed further light on the true scale of the Rust malware ecosystem and equip reverse engineers with the tools they need to tackle it decisively.”






