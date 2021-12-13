



Security researchers warn that cyber attackers are trying to exploit a critical security vulnerability in the Java logging library Apache Log4j more than 100 times per minute.

The flaw in Log4j, now also known as “Log4Shell”, is a zero-day vulnerability (CVE-2021-44228) that was first revealed on December 9th, with warnings that it may allow unauthenticated remote code execution and access to servers.

Log4j is used in many forms of enterprise and open source software, including cloud platforms, web applications, and email services. In short, a wide variety of software can be at risk from attempts to exploit this vulnerability.


Attackers are already scanning the Internet for vulnerable instances of Log4j, and cybersecurity researchers at Check Point have warned that there are more than 100 attempts to exploit the vulnerability every minute.

Meanwhile, cybersecurity researchers at Sophos have warned that, within days of the vulnerability being disclosed, they have detected hundreds of thousands of attempts at remote code execution using the Log4j vulnerability, along with scans searching for it.

There are already active examples of attackers trying to install cryptocurrency mining malware using the Log4j vulnerability, and there are also reports that several botnets, including Mirai, Tsunami and Kinsing, are trying to use it.

Microsoft researchers have also warned of attacks attempting to exploit the Log4j vulnerability, including active attempts to install Cobalt Strike on vulnerable systems, which could allow attackers to steal usernames and passwords.

Cybercriminals typically try to exploit newly disclosed vulnerabilities so that they have the best chance of taking advantage of them before they are fixed. In this case, Log4j is ubiquitous and many organizations may not be aware that it is part of their network, which means there may be a much larger window for attempts to scan for access.

And while cybercriminals trying to install crypto-mining malware using the Log4j vulnerability may initially look like a relatively low-level threat, higher-level and more dangerous cyber attackers may try to follow.

“The seriousness of this threat cannot be exaggerated. At first glance, it targets crypto miners, but we believe it creates a kind of background noise that serious threat actors will try to exploit in order to attack a wide range of high-value targets, such as banks, national security and critical infrastructure,” said Lotem Finkelstein, Director of Threat Intelligence and Research at Check Point.

Because the vulnerability is so severe and the library so widely used, organizations and technology vendors are being urged to counter the threat as soon as possible.

“For this vulnerability CVE-2021-44228, the most important aspect is to install the latest updates as soon as possible,” said a warning from the National Cyber Security Centre (NCSC) in the United Kingdom.

Log4j’s security issue was only recently revealed, but evidence suggests that attackers had been exploiting the vulnerability for some time before it was publicly disclosed.


