Log4j flaw: Nearly half of corporate networks have been targeted by attackers trying to use this vulnerability

Dec 14, 2021, Hi-network.com

The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow.

The vulnerability (CVE-2021-44228) was publicly disclosed on December 9 and enables remote code execution and access to servers. What makes it such a major issue is that Log4j is widely used in commonly deployed enterprise systems.

In some cases, organisations may not even be aware that the Java logging library forms part of the applications they're using, meaning they could be vulnerable without knowing it. Online attackers have been quick to take advantage of the vulnerability (also known as Log4Shell) as soon as they can.


There was evidence of attackers scanning for vulnerable systems and dropping malware just hours after Log4J was publicly disclosed.

At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. "Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups," said cybersecurity company Check Point.

And according to Check Point, attackers have now attempted to exploit the flaw on over 40% of global networks. 

The number of successful exploits is likely to be much lower, but the figure shows that there are those out there who are looking to try their luck against a new, and potentially difficult to patch, vulnerability.

"Unlike other major cyberattacks that involve one or a limited number of software, Log4j is basically embedded in every Java-based product or web service. It is very difficult to manually remediate it," Check Point said in a blog post.

Some of the attacks launched by exploiting the Log4j vulnerability include delivering cryptomining malware, along with delivering Cobalt Strike, a legitimate penetration-testing tool that cyber criminals have been known to use to steal usernames and passwords to gain further access to networks.

National cybersecurity bodies around the world have been quick to issue warnings as to how dangerous Log4j could be.


Jen Easterly, director of CISA, described the Log4J vulnerability as "one of the most serious that I've seen in my entire career, if not the most serious".

Meanwhile, the UK's National Cyber Security Centre (NCSC) has urged organisations to install the latest updates wherever Log4j is known to be used.

"The key step for organisations is to patch enterprise software quickly, and for developers using Log4j to update and distribute their software as soon as possible," said an NCSC spokesperson in an email to ZDNet.

"For the public it's important to keep updating devices as developers' understanding of the vulnerability grows," they added.  
