The next wave of Log4J attacks will be brutal


One week ago, the internet experienced a seismic event. Thanks to a vulnerability in Log4j, a popular open source library, countless servers around the world were suddenly exposed to relatively simple attacks. The first wave of attacks is already underway. But what happens next should worry you.

So far, the vanguard of Log4j attacks has mainly consisted of cryptocurrency miners, malware that siphons off the resources of an affected system to mine cryptocurrency. (These were extremely popular a few years ago, before people realized that the real money is in ransomware.) Several nation-state spies have also been caught, according to recent reports from Microsoft and others. What seems to be missing is ransomware, the disruptive attacks that have defined so much of the last two years or so. This will not be the case for long.

Hype is endemic in the cybersecurity world, as is the spread of fear, uncertainty, and doubt. A lot of software has flaws; they can't all be that terrible. By all accounts, however, the Log4j vulnerability, also known as Log4Shell, lives up to the hype for a variety of reasons. The first is the popularity of Log4j itself. As a logging framework, it helps developers keep track of whatever goes on inside their apps. Because it is open source and reliable, it has become standard practice to plug in Log4j instead of building your own logging library from scratch. Furthermore, a lot of modern software is assembled from different vendors and products, so it can be very difficult, if not impossible, for many potential victims to even know their full exposure. If the innermost Matryoshka doll of your code runs Log4j, good luck finding it.

But wait, there's more! Log4Shell is also relatively easy to exploit. Just submit a piece of malicious code and wait for it to be logged. Once that happens, congratulations; you can now remotely run any code you want on the affected server. (Note: This is the short version. It's a bit more complicated in practice. Also, Log4j versions prior to 2.0 don't appear to be affected, although there is some debate about that.)

It is the combination of severity, simplicity, and ubiquity that has left the security community reeling. Amit Yoran, CEO of cybersecurity firm Tenable and founding director of US-CERT, the organization responsible for coordinating the public-private response to digital threats, said: “This is by far the biggest and most serious security flaw.”

So far, however, that scourge seems slow to emerge. Hackers are absolutely targeting Log4j; security firm Check Point has seen more than 1.8 million exploit attempts since Friday, according to spokesman Ekram Ahmed. At some points, they saw more than 100 attempts per minute. And state-sponsored groups from China and Iran have been found using Log4Shell to establish footholds in various targets. For now, however, cryptominers still dominate.

“Miners are often the first to get started because they are the lowest-risk form of cybercrime,” said Sean Gallagher, senior threat researcher at cybersecurity firm Sophos. “They don’t require a lot of hacking other than hacking, they don’t require a lot of hands-on keyboarding skills to deploy. They are usually packaged and ready to use; all they need is a hole to get in.”
