After C and Java, Python is Popular for Creating Hacking Tools

Imperva the web security firm published attack statistics during the end week of September and accordingly stated that after C and Java programming languages, hackers along with other web strikers greatly prefer Python to write their malware programs.

The firm explains that over 33 percent of assaults every day targeted at websites Imperva protects occur with the aid of some legitimate else malicious tool that is written with Python language. The firm asserts that about 77 percent of the whole lot of websites it safeguards had become victimized with one or more tools coded in Python.

What's more, when Imperva scanned the various tools which hackers utilized to execute their assaults, it found over one quarter had been Python-based, currently the most popular tools among web attackers.

Python-based hacking tools have several advantages such as a syntax that can be easily picked up; online tutorials of considerable breadth; and a huge collective of libraries as well as other types of ready to use tools obtainable from GitHub or PyPI, thereby increasing the popularity of the tools.

Ironically, plentiful of Python-coded tools which cyber-criminals utilize are originally requisites for legitimate apps, alternatively security researchers' own necessities to conduct tests of their systems vis-à-vis different security flaws. However, if these tools used to conduct tests once manage to appear on GitHub, their availability becomes easy on public domain that hackers access and pick the tools from for various malicious purposes.

Meanwhile, Imperva's data suggests that Python tools of the legitimate kind which are most abused include "urllib" and "requests" libraries the dual foundation tools for nearly all Python web applications. And so far as hackers find these tools useful, the team of Imperva experts states the attackers use the tools for exploiting vulnerabilities such as CVE-2018-1000207 (ModX PHP CMS), CVE-2015-8562 (Joomla), or CVE-2017-9841 (PHPUnit).

Conclusively, for users who've their website, web server, or web app running online, it may quite be that somebody is employing one Python-coded tool for infiltrating their server. That is nothing astonishing because Python, like Java, is versatile, while far easier to become skilled at for the well-intended and not-so-well-intended alike.

» SPAMfighter News - 10/10/2018