Python is a hit with hackers, report finds

Imperva: Up to 77 percent of the sites we monitor were attacked by a Python-based tool.

This article originally appeared on ZDNet.

After breaking into the top three most popular programming languages for the first time this month, behind C and Java, Python has also won over hackers and other web nasties, according to attack statistics published this week by web security firm Imperva.

Imperva says more than a third of the daily attacks against sites it protects come from a tool, malicious or legitimate, coded in Python.

The company also says that around 77 percent of all the sites it protects have been attacked by at least one Python-based tool.


Furthermore, when the company looked at the list of tools that hackers used for their attacks, more than a quarter were coded in Python, making it by far the attackers' favorite language.

"Hackers, like developers, enjoy Python's advantages, which makes it a popular hacking tool," the Imperva team says.

These advantages include an easy-to-pick-up syntax, a breadth of online tutorials, and an extensive collection of libraries and other ready-made tools available in places like PyPI and GitHub.

In fact, many of the Python tools attackers use were originally created for use inside legitimate apps, or by security researchers for testing their own systems against various vulnerabilities.

But once these testing tools are published on GitHub they are available to anyone, and hackers repurpose them for uses other than the ones they were written for.


Based on Imperva's data, the most abused legitimate Python tools are the "requests" and "urllib" libraries, two HTTP client libraries found in almost any Python program that talks to the web. Both identify themselves by default in the User-Agent header ("python-requests/<version>" and "Python-urllib/<version>"), which is how they show up in server logs, although an attacker can trivially change that header to look like a browser.

As for what hackers do with these libraries, Imperva's crew says they are being used to deliver exploit attempts against vulnerabilities in PHP web applications, such as CVE-2017-9841 (PHPUnit), CVE-2015-8562 (Joomla), and CVE-2018-1000207 (MODX CMS). The libraries only carry the HTTP traffic; the exploit logic lives in the tool built on top of them.
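A practical check that follows from the two paragraphs above, written as an added example (it is not Imperva's tooling or code from the article): because requests and urllib announce themselves in the User-Agent header by default, a pass over a web server's access log can list every request those libraries made and reproduce the report's two headline ratios for your own sites, the share of requests coming from a Python tool and the share of sites hit by at least one. The log lines, host names and addresses below are constructed; the format assumed is the combined log format with a leading virtual-host field.

```python
import re
from collections import Counter

# Constructed sample of a combined access log with a leading virtual-host
# field. Hosts, addresses, paths and versions are invented for this example;
# the "python-requests/" and "Python-urllib/" strings are the real default
# User-Agent prefixes those two libraries send.
SAMPLE_LOG = """\
shop.example.test 203.0.113.5 - - [10/Sep/2018:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/62.0"
shop.example.test 198.51.100.7 - - [10/Sep/2018:10:01:09 +0000] "POST /index.php HTTP/1.1" 403 220 "-" "python-requests/2.19.1"
blog.example.test 198.51.100.7 - - [10/Sep/2018:10:01:11 +0000] "GET /index.php?option=com_content HTTP/1.1" 404 310 "-" "python-requests/2.19.1"
blog.example.test 192.0.2.44 - - [10/Sep/2018:10:02:30 +0000] "GET /feed HTTP/1.1" 200 8800 "-" "Python-urllib/3.6"
docs.example.test 192.0.2.9 - - [10/Sep/2018:10:03:00 +0000] "GET /manual/ HTTP/1.1" 200 4400 "-" "curl/7.58.0"
docs.example.test 203.0.113.5 - - [10/Sep/2018:10:03:05 +0000] "GET /manual/api HTTP/1.1" 200 4600 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/69.0"
"""

# One combined-log line with the virtual host prepended (a common per-site
# logging setup; drop the first group for the plain combined format).
LOG_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Default User-Agent prefixes of the two libraries the report names. Extend
# the alternation if you want to count other self-identifying clients.
PYTHON_TOOL_RE = re.compile(r'^(?P<tool>python-requests|Python-urllib)/', re.IGNORECASE)
CANONICAL = {"python-requests": "python-requests", "python-urllib": "Python-urllib"}


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify_tool(user_agent):
    """Return the library name if the UA is a default Python-library UA, else None."""
    m = PYTHON_TOOL_RE.match(user_agent or "")
    if not m:
        return None
    # Normalise case so 'python-urllib/3.6' and 'Python-urllib/3.6' count together.
    return CANONICAL[m.group("tool").lower()]


def python_hits(log_text):
    """List (vhost, ip, tool, method, path, status) for every request sent by a Python library UA."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparsable lines instead of crashing on a partial or rotated log
        tool = classify_tool(rec["ua"])
        if tool:
            hits.append((rec["vhost"], rec["ip"], tool, rec["method"], rec["path"], rec["status"]))
    return hits


def summarize(log_text):
    """Compute the report's two ratios for this log: share of requests from a
    Python tool, and share of sites hit by at least one such request."""
    sites, sites_hit, by_tool, total = set(), set(), Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        total += 1
        sites.add(rec["vhost"])
        tool = classify_tool(rec["ua"])
        if tool:
            by_tool[tool] += 1
            sites_hit.add(rec["vhost"])
    python_total = sum(by_tool.values())
    return {
        "total_requests": total,
        "python_requests": python_total,
        "share_of_requests": python_total / total if total else 0.0,
        "sites_total": len(sites),
        "sites_hit": len(sites_hit),
        "share_of_sites": len(sites_hit) / len(sites) if sites else 0.0,
        "by_tool": dict(by_tool),
    }


if __name__ == "__main__":
    for hit in python_hits(SAMPLE_LOG):
        print("python tool:", hit)
    print(summarize(SAMPLE_LOG))
```

On the sample, half of the requests and two of the three sites come from a Python library. The caveat is that the User-Agent is entirely under the client's control: the default strings catch scanners whose authors did not bother to change them, and nothing else. Treat a hit as a prompt to look at the paths being requested (CMS and test-framework paths your site does not serve are the tell) and at whether the targeted application is patched, not as proof of an attack by itself.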

The moral of this report is that if you have a web app, web server, or website exposed online, it's quite likely that some script kiddie is using a Python tool downloaded from GitHub to try to break into it. Which, in hindsight, is no surprise, since Python is just as versatile as Java but much easier to learn, for good and bad guys alike.

About Catalin Cimpanu

Catalin Cimpanu is a security reporter at ZDNet, where he covers cyber-security, data breaches, hacking, and other related topics. He previously served as security reporter for Bleeping Computer and Softpedia. Catalin is based in Romania.
