Hackers Launch Over 840,000 Attacks Via Log4J Flaw


Hackers, including Chinese state-backed groups, have launched more than 840,000 attacks against companies worldwide since last Friday, according to researchers, through a previously unnoticed vulnerability in widely used open source software called Log4J.

Cybersecurity group Check Point said attacks related to the vulnerability had accelerated in the 72 hours since Friday, and that at some points its researchers were seeing more than 100 attacks per minute.

The perpetrators include “attackers from the Chinese government,” according to Charles Carmakal, chief technology officer for the cyber company Mandiant.

The flaw in Log4J allows attackers to easily gain remote control of computers running applications in Java, a popular programming language.

Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), told industry executives that the vulnerability was “one of the most serious I’ve seen in my entire career, if not the most serious,” according to US media reports. Hundreds of millions of devices are likely to be affected, she said.

Check Point said that in many cases, hackers were taking control of computers to use them to mine cryptocurrencies or to make them part of botnets – vast networks of compromised computers that can be used to overwhelm websites with traffic, send spam or serve other illegal purposes.

Both CISA and the UK’s National Cyber Security Centre have issued alerts urging organizations to apply updates addressing the Log4J vulnerability, as experts try to assess the consequences. Amazon, Apple, IBM, Microsoft and Cisco are among those who have been quick to publish fixes, but so far no serious breaches have been publicly reported.

The vulnerability is the latest to affect corporate networks, following flaws last year in common-use software from Microsoft and IT company SolarWinds. Both of these weaknesses were initially exploited by state-backed spy groups from China and Russia, respectively.

Mandiant’s Carmakal said Chinese state-backed actors were also trying to exploit the Log4J bug, but he declined to share further details. SentinelOne researchers have also told the media that they have observed Chinese hackers taking advantage of the vulnerability.

According to Check Point, almost half of all attacks have been carried out by known cyberattackers. These included groups that use Tsunami and Mirai, malware that turns devices into botnets – networks that are used to launch remotely controlled attacks, such as denial of service attacks. They also included groups that use XMRig, software that mines the hard-to-track digital currency Monero.

“With this vulnerability, attackers gain almost unlimited power: they can extract confidential data, upload files to the server, delete data, install ransomware, or pivot to other servers,” said Nicholas Sciberras, chief engineering officer for vulnerability scanner Acunetix. It was “astonishingly easy” to mount an attack, he said, adding that it “would be exploited in the next few months.”

The source of the vulnerability is faulty code developed by unpaid volunteers at the Apache Software Foundation, a non-profit organization that runs multiple open source projects, raising questions about the security of vital parts of the IT infrastructure. Log4J has been downloaded millions of times.

The flaw had gone unnoticed since 2013, experts say. Matthew Prince, CEO of cyber group Cloudflare, said it began to be actively exploited as of December 1, although there was “no evidence of massive exploitation until after public disclosure” by Apache the following week.

© 2021 The Financial Times Ltd. All rights reserved. It must not be redistributed, copied or modified in any way.
