
Log4j vulnerability: Thousands of attempts are being made by attackers to infecting

Thousands of attempts are being made by attackers to exploit the Log4j vulnerability to steal website passwords, credit card details, app information, etc.

Log4j vulnerability

The Log4j issue, also known as "Log4Shell," is a zero-day vulnerability (CVE-2021-44228) that was discovered on December 9 and has the potential to provide unauthenticated remote code execution and access to systems.

Log4j is utilized in a wide range of commercial and open-source software, including cloud platforms, online apps, and email services, implying that attempts to exploit the vulnerability might put a large range of software at risk.

The Log4j vulnerability, a zero-day vulnerability, poses an urgent threat to websites that store your passwords and credit cards.

Attackers are scanning for susceptible computers to install malware, steal user passwords, and more, according to cybersecurity experts.

Security researchers have warned that cyber attackers are attempting over a hundred times per minute to exploit a significant security flaw in the Java logging library Apache Log4j.

Attackers are already scouring the internet for vulnerable Log4j instances, with Check Point cybersecurity analysts estimating that over 100 attempts to exploit the flaw are made every minute.

However, Sophos cybersecurity analysts say they've seen hundreds of thousands of attempts to remotely execute malware using the Log4j weakness in the days since it was made public, as well as scans looking for the flaw.


There are already live cases of attackers attempting to exploit Log4j vulnerabilities to install cryptocurrency-mining malware, as well as reports of many botnets attempting to exploit it, including Mirai, Tsunami, and Kinsing.

Microsoft researchers have also issued a warning about attacks attempting to exploit Log4j flaws, including crypto-mining malware and active attempts to install Cobalt Strike on vulnerable systems, which could allow attackers to steal usernames and passwords.

Cybercriminals frequently attempt to exploit newly disclosed vulnerabilities in order to have the best chance of exploiting them before they're remediated – but in this case, the ubiquity of Log4j, as well as the fact that many organizations may be unaware that it's part of their network, means that attempts to scan for access may have a much larger window.

Everyone is at risk from a massive Log4Shell internet security issue – here's what you can do about it.

The extremely catastrophic server-software bug known as "Log4Shell," which afflicted many Minecraft players at the end of last week, has now spread to the entire internet, as expected. It's one of the most serious computer-security flaws the world has ever seen in terms of potential damage.

"I cannot exaggerate the gravity of this threat," Israeli security firm Check Point researcher Lotem Finkelstein told ZDNet.

Since a functional exploit for the vulnerability was made public on Thursday (Dec. 9), his firm has seen over 850,000 attempted attacks on servers.

The good news is that, with the exception of Minecraft players who use the Java Edition, this issue does not directly affect the average computer user. Since Wednesday (Dec. 8), a new version of the software in question has been available, but it's only useful if you're running a web server. Minecraft players will only need to upgrade their client software.

The bad news is that hundreds of thousands, if not millions, of web servers are vulnerable and can be hacked with no effort. According to Microsoft and the Swiss government, criminals are already exploiting the issue to install coin-mining, botnet, and backdoor malware on servers. The foundation that maintains the program has given the defect a severity rating of ten out of ten.

Amazon, Apple, Baidu, LinkedIn, QQ, Steam, Tencent, Tesla, and Twitter all have servers that are vulnerable to some degree; however, internal measures in each case may prevent further exploitation.

This weakness is likely to result in a slew of data breaches, ransomware attacks, credit-card thefts, and even "drive-by downloads." Anything saved on a web server is vulnerable.

'Unbelievably simple' attack against Log4Shell

According to Bogdan Zdrnja of the non-profit SANS Institute, "the exploit is truly very simple — which makes it very, very terrifying at the same time."

An attacker only needs to submit a tiny string of properly designed text to a web server. The text could be a forum post, a login attempt, a web page header string, or any other type of data that would normally be "recorded" by a server among hundreds of thousands of other daily log entries.

The attacker's text will persuade the targeted server to provide confidential information or even send a request for files to another server, such as one controlled by the attacker. As a result, the attacker's server can issue an instruction to the targeted server to download and execute malware, which the targeted server will then carry out.

One prankster even entered the attack code into the name of his iPhone and received a response from an Apple server.

This issue represents a "serious risk" and "an urgent challenge to network defenders," according to Jen Easterly, director of the US federal government's Cybersecurity and Infrastructure Security Agency (CISA).

While cybercriminals aiming to exploit Log4j vulnerabilities to install crypto-mining malware may appear to be a low-level threat at first, it's possible that higher-level, more serious cybercriminals will follow.


"The gravity of this threat cannot be overstated. On the surface, this appears to be aimed at crypto miners, but we believe it creates exactly the kind of background noise that serious threat actors will try to exploit to attack a wide range of high-value targets, including banks, state security, and critical infrastructure," Check Point's director of threat intelligence and research, Lotem Finkelstein, stated.

What methods do you have to defend yourself against Log4Shell?

There's nothing you can do as a user to help fix the affected servers. However, you should be prepared for the worst because cybercrooks will exploit this hole in whatever way they can.

Expect your personal information to be exposed as a result of this defect in data breaches, putting you at increased risk of identity theft. Expect some of your credentials to be stolen, as well as some of your online accounts to be taken over.

Expect your favorite online retail websites to be hacked in order to steal your credit card information, a risk that is amplified during the holiday shopping season. Expect some of the websites you visit on a regular basis to be hacked and send you malware.

In other words, the hazards you already face online will be amplified to their highest level. This is what you must do.

Sign up for a password manager and use it. Many of the best password managers are partially or completely free, so there's no excuse not to do so. Make sure all of your passwords are strong and unique by using the password manager. You should do this now, rather than later, so that if one of your account passwords is compromised, only one account, not all of them, is at risk.

Set up a free credit freeze to protect yourself from identity theft. You might also want to look into one of the top identity theft protection programs, but a credit freeze is the most effective preventative precaution you can take.

For the next few weeks, keep an eye on your credit card balances. If you notice anything that appears to be incorrect, contact the bank that issued the card immediately using the phone number on the back of the card.


For the following few months, keep an eye on your credit reports. Residents of the United States are entitled to one free credit report each week from each of the three major credit agencies (Equifax, Experian, and TransUnion) until April 2020.

Install the best antivirus software available. Microsoft Defender Antivirus is already incorporated into Windows 10 and 11, and it's extremely good, but it doesn't protect you from web-based threats that come in through non-Microsoft browsers like Google Chrome or Mozilla Firefox. Microsoft Defender is likewise ineffective on Android, Mac, and iOS.

What Is Log4Shell's flaw?

In a nutshell, the Log4Shell bug, also known as CVE-2021-44228, affects a piece of open-source software called Log4j, a simple logging library for Java-based applications maintained by unpaid Apache Foundation volunteers. This incident has reignited calls for large firms that rely on open-source code to pay the developers who work on these programs in their spare time.

Logging applications are designed simply to record events, not to run code. Log4j, however, does a terrible job of "sanitizing" the data it receives. As a result, attackers can smuggle malicious code into the system as explained above, then have the Java-based server run it.

Servers running Windows, Linux, Unix, or even macOS are all vulnerable because Java is a cross-platform environment meant to "live" on a variety of operating systems.

A 2016 Black Hat presentation raised the possibility that Java libraries like Log4j could be vulnerable to attack. Researchers from Chinese internet giant Alibaba disclosed this vulnerability to the Apache Foundation on November 24, and a fix was quietly developed over the next two weeks and delivered on December 8.

The bug was used in mass attacks as soon as the proof-of-concept code was released the next morning. Cloudflare and Cisco Talos, two internet security businesses, analyzed their records and discovered indications of suspected exploit attempts dating back to December 1.

Such "attempts" may have been the result of defenders pinging servers to check how prevalent the vulnerability was. However, as with another issue earlier this year, it's possible that the flaw was discreetly supplied to state-sponsored security services.

Because of the seriousness of the vulnerability in such a frequently used library, organizations and technology providers are being advised to respond as quickly as possible.

The most important step in dealing with this vulnerability, CVE-2021-44228, is to install the latest updates as quickly as possible, according to a warning from the UK's National Cyber Security Centre (NCSC).

Although the Log4j security flaw was only recently disclosed, evidence suggests that attackers had been exploiting the flaw for some time before it was made public.
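Because many organizations may not know that Log4j is bundled inside their software, updating starts with an inventory. The following is an added example, not code from the article or from the Log4j project: it finds log4j-core copies inside Java archives, including ones nested in application JARs and WARs. The function names are hypothetical, the two archive paths are the standard layout of a log4j-core 2.x JAR, and the sample archive is constructed.

```python
import io
import os
import re
import zipfile

# Standard locations inside a log4j-core 2.x JAR (assumption, not from the article).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def scan_archive(data, label, depth=0, max_depth=4):
    """Report log4j-core in one archive, recursing into bundled archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # renamed or corrupt file: nothing to report
    findings = []
    with zf:
        names = set(zf.namelist())
        if CORE_POM in names or JNDI_CLASS in names:
            props = zf.read(CORE_POM).decode("utf-8", "replace") if CORE_POM in names else ""
            m = re.search(r"^version=(.+)$", props, re.M)
            findings.append({"path": label, "version": m.group(1).strip() if m else None,
                             "jndi_lookup": JNDI_CLASS in names})
        if depth < max_depth:  # fat JARs and WARs nest their dependencies
            for name in sorted(names):
                if name.lower().endswith(ARCHIVES):
                    findings += scan_archive(zf.read(name), f"{label}!/{name}",
                                             depth + 1, max_depth)
    return findings

def scan_tree(root):  # walk a directory and scan every Java archive under it
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in (f for f in files if f.lower().endswith(ARCHIVES)):
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                findings += scan_archive(fh.read(), path)
    return findings

def build_constructed_sample():
    """Constructed input: an application JAR bundling a fake log4j-core."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(CORE_POM, "artifactId=log4j-core\nversion=0.0.0-constructed\n")
        z.writestr(JNDI_CLASS, b"")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("BOOT-INF/lib/log4j-core.jar", inner.getvalue())
    return outer.getvalue()
```

A hit is an inventory entry, not a verdict: compare each reported version with the fixed release named in the Apache advisory before deciding what to update.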
