The disclosed vulnerability is considered a large threat to global computer networks.
Few of us missed last week's events, when Log4j became a globally discussed topic and companies all over the world entered a state of fear. It has now been more than a week since a flaw was detected in the commonly used internet software Log4j. The flaw is currently allowing potentially devastating cyberattacks to extend across economic sectors and international borders, according to The Wall Street Journal.
On the 14th of December, security researchers revealed that the disclosure of the flaw had caused over 840,000 cyberattacks. Criminals have targeted companies globally, including well-known giants like Apple, Amazon, IBM, Microsoft, and Cisco, TechSpot reported. Researchers have also observed attackers using Log4j to install ransomware on honeypot servers (machines that are made deliberately vulnerable for the purpose of tracking threats), The Verge reported.
Log4j is a Java library and one of the most widely used tools for collecting information across corporate computer networks, applications and websites. Developers use the software to record user activity and the behavior of applications for subsequent review. Log4j is distributed for free by the nonprofit Apache Software Foundation and is maintained by its volunteers, who have recently worked day and night to release security updates following the disclosure, according to CNN Business.
Vulnerability detected in the first patch created
After the Log4j disclosure, open source developers quickly released an update that patched the flaw and told all users to install it immediately. Shortly after, researchers reported that there were at least two vulnerabilities within the patch, released as Log4j 2.15.0, and that criminals were exploiting them against real-world targets who had already applied the update. In the end, a new patch, released as 2.16.0, was created and approved as safe to use, according to Ars Technica.
How hackers can take advantage of the situation
The discovered flaw allows criminals to execute code remotely on a target computer, which means that they can steal data, take full control or install malware. Some criminals install software that uses a hacked system to mine cryptocurrency, while others develop malware that allows them to hijack computers for large-scale assaults on internet infrastructure, The Wall Street Journal reported.
Attackers appear to have had more than a week's head start on exploiting the software flaw before it was publicly disclosed, according to CNN Business. Microsoft is one of the well-known companies that have already been affected by the disclosure. On the 7th of December, Microsoft said in a blog post that state-backed hackers from China, Iran, North Korea and Turkey had tried to exploit the Log4j flaw. On the 15th of December, the company also confirmed that a new ransomware family known as Khonsari, deployed via the Log4j vulnerability, had been used in attacks on non-Microsoft hosted Minecraft servers, VentureBeat reported.