March 26, 2024
If you keep a pulse on the technology sector or have taken note of billboard ads in any urban area, you may be familiar with the rise of coding bootcamps and the #LearnToCode movement. Anyone looking to advance a career in a competitive sector faces the question “should I learn to code?”, and that includes those with careers as cybercriminals.
While there’s been an increase in “as-a-service” offerings, which to an extent has removed the need for in-depth programming knowledge, most cybercriminals still need some basic understanding of programming. For one thing, it helps boost credibility: Many threat actors look down on those who are unable to code. They also need to code in order to configure and make use of ready-made scripts and source code. So, cybercriminals frequent dedicated programming sections on forums to discuss which coding languages to use for certain tasks; to share tools, scripts, and methods; and to ask for help with tricky scripts.
This blog will explore cybercriminals’ dark web discussions about programming languages, from beginners to advanced, and how they utilize various coding languages for specific purposes. We’ll finish with a look at the up-and-coming programming languages for cybercriminals, and the need to continually adapt and innovate through code to overcome security operations. If cybercriminals don’t keep up to speed, they run the risk of losing their efficacy and social credibility as a threat actor.
Python and C: Beginning level programming for cybercriminals
A knowledge and understanding of programming languages is crucial if a cybercriminal wants to establish street cred and be viewed as a serious threat actor within the community. Despite no-code tools being available for almost any need on cybercriminal platforms, there is an unspoken expectation of cybercriminals to have some basic level of programming knowledge. This basic knowledge of coding enables them to customize those existing tools or create their own tools and malware to achieve greater criminal gains.
Cybercriminals just starting their programming journey often use programming subsections on forums to learn how to start, the top question being, “which programming language to learn first?”
Python for beginners:
Python is often recommended as it’s easy to learn and allows beginners to “focus on programming fundamentals” before moving on to more complex programming languages. Python also has large applicability—according to one user on the English-language cybercriminal forum RaidForums, Python is “flexible with what you can do and used to multiple different things, even web development [sic]”. Threat actors have also commented that Python can be used for creating botnets, malware, scripts targeting servers, password changers, and even scripts for “randomizing pictures” (which allow users to alter a picture’s metadata, change the image size, and add random filters).
The C’s for intermediates:
The C languages (C, C+, C++, and C#) are also commonly recommended. While C++ is seen as more difficult to learn than the other C’s and Python, forum users have commented that although it has a steep learning curve, it makes it exponentially easier to learn additional, niche programming languages later on. A RaidForums user commented that beginners in C++ will “learn a lot of programming concepts that are essential for making good programs and writing code in general”. Like Python, the C’s also have extensive applicability. Forum users mentioned they have used C++ for a variety of purposes, including creating botnets, malware, various configurations, checkers, and embedded web servers. One member of the Russian-language cybercriminal forum Exploit emphasized: “if the problem is just to choose [a programming language] – choose C++ […] Statistically, best products are written on C++”.
A note on choice:
Experienced users often point out that beginners should begin with the end in mind and choose programming languages based on what they intend to accomplish. When asked to recommend a beginners’ language, one RaidForums user commented: “it depends on your goal. Why do you want to learn to program? Build websites for fun? Automate your current job? Change careers? The answer depends on your goals”. In a different thread, another experienced user suggested: “C, Winapi, NativeApi, drivers – if you want to be a system programmer, Java or C# – if you want to work in big corporations, Python – for prototyping your algos and proof of concepts.”
Java, Kotlin, Python, PHP, and C#: Advanced level programming for cybercriminals
For more technically-advanced cybercriminals, there are dedicated subsections on forums for different programming languages, including Python, the C’s, PHP, Perl, .NET, JavaScript, HTML, and Delphi.
These subsections are mostly used to ask which programming language would be best for a given use case. For instance, one Exploit member asked what to use for “Android development” and said: “Honestly i hate java, seems to be that kotlin have better syntax. would it be better to learn kotlin? for malicious purposes of course.”
Though they did not specify their purpose and intent, the mentions of Kotlin and Java, programming languages commonly used for Android app development, suggest they were most likely seeking guidance on developing malicious Android apps. One respondent suggested that they should start with Java, and then learn Kotlin, as they would need “underlying java knowledge” to write “good code” in Kotlin.
Another use case of these subsections is to request scripts written in specific programming languages or share snippets of code that are difficult to get right. For example, one Exploit member asked where they could find “ready-made scripts for randomizing a picture in Python”, specifying their desired functionalities for the script, to which another user suggested a specific GitHub repository. Another Exploit member asked for “any and all malware coded in C# that I can study”, to which four other users replied with download links to malware written in C#, or links to GitHub repositories with content relating to malware written in C#.
Finally, these subsections are often utilized to share or sell programming scripts, methods, or tutorials. We’ve observed Exploit users advertising a botnet service written in C++, a Nulled user sharing a link to a “library” they created to help users create “checkers” in C#, another Nulled user posting tutorials on how to make “a simple Email bomber” with PHP and HTML, and a Cracked TO user sharing a “basic Discord bot” written in JavaScript.
Rust, Python, and C++: The future of cybercriminal programming languages?
Given their long-standing popularity among cybercriminals, the C’s and Python were mentioned by several forum users as their go-to programming languages moving forwards. One user mentioned several languages they thought would be most popular over the next ten years, including C++, Java, Go, and ASM, adding “when it comes to cybersecurity, more languages you know, better off you are”.
Interestingly enough, several users highlighted the relatively obscure programming language Rust as the programming language of the future. One user said, “sure hope rust gets more popular […] there is already an operating system made in rust called redox, you should for sure check it out. Of course, It is nowhere near as feature-rich and stable as linux, but […] it is still pretty amazing that you can code an entire operating system in one language”. Another user opined that “Rust will become popular eventually. I heard quite a lot of companies who have their code base written in C want to transfer it to Rust. So I would have definitely given Rust a shot.”
A highlighted benefit of Rust is its superior obfuscation capabilities and memory capabilities compared to those of C or C++. Rust is preferred not only by cybercriminals but also by Microsoft’s Security Response Center for its memory capabilities. In a RaidForums thread giving a long list of C++ features, another forum user simply replied “Rust is better haha, it has better memory management”. A previous Torum user supported this, saying “Concerning the near future, I personally see Rust (or maybe another language focused on memory safety) being used to code a new generation of OSes, drivers, software etc…” Whether these capabilities will be enough to dethrone the more popular programming languages such as Python and C++ remains to be seen.
Closing thoughts:
The ever-accelerating speed with which system and security behavior solutions are being developed has increased the need for threat actors to learn and develop their programming skills. And while there are many ready-made and no-code tools available for threat actors to purchase for almost any given purpose, there is always the risk that the tools will be identified, analyzed, and incorporated into security solutions—rendering them detectable and less effective. Threat actors who know how to program therefore have an inherent advantage in being able to create bespoke tools that can evade security solutions for longer periods of time. If they don’t learn to code, both their efficacy and social credibility as a threat actor will be seriously diminished.