- Trump taps Sriram Krishnan for AI advisor role amid strategic shift in tech policy
- Interpol Identifies Over 140 Human Traffickers in New Initiative
- 5 network automation startups to watch
- 4 Security Controls Keeping Up with the Evolution of IT Environments
- ICO Warns of Festive Mobile Phone Privacy Snafu
Kaspersky stopped more than 30,000 attempts to use the Log4Shell exploit in January
The critical remote code execution vulnerability in Apache’s Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.
Cybersecurity company Kaspersky said it logged and blocked 30,562 attempts by hackers to use the Log4Shell exploit that was discovered in December 2021. While that marks a decline from when it was first reported, Kaspersky warns that it’s here to stay as a new tool in cyber criminals’ arsenals.
Log4Shell is an exploit that targets Apache’s Log4j library, which is used to log requests for Java applications. If successful, an attacker that uses Log4Shell can gain total control over affected servers. Some big-names have been found vulnerable, too: Apple, Twitter, Steam and others were all found to have unpatched versions of Log4j on their servers when news of the exploit went public.
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
Log4Shell was dangerous enough to earn a 10 (out of 10) on the CVSS severity scale, and with good reason: While many high-profile companies and websites make use of Log4j, countless smaller sites, projects and applications use it, too. John Hammond, senior security researcher at Huntress, ascribed Log4Shell’s severity to the fact “that the ‘log4j’ package is so ubiquitous.”
Evgeny Lopatin, security expert at Kaspersky, said that cybercriminals are actively scanning for vulnerable servers, and not all attackers may be attempting to hit a specific target. “This vulnerability is being exploited by both advanced threat actors who target specific organizations and opportunists simply looking for any vulnerable systems to attack. We urge everyone who has not yet done so to patch up and use a strong security solution to keep themselves protected,” Lopatin said.
Since the announcement of Log4Shell in December, Kaspersky said its products detected and prevented 154,098 attempts to scan and attack vulnerable devices, with most targets located in Russia, Brazil and the United States.
Preventing a Log4Shell attack on your systems
Anyone responsible for systems that run Apache software or otherwise make use of Log4j because of Java applications should act now to ensure their systems are safe. Luckily, Apache has already released an updated version of Log4j that closes the exploit. Apache has also published a page for Log4j covering the vulnerability and their efforts to patch it, which is a good resource for anyone in the position to be responsible for affected systems.
Kaspersky also recommends checking with vendors to see if their software is affected, and whether or not a patch is available (Cisco, Oracle and VMware have already taken action). It also recommends installing security software that is able to log and detect scans that indicate an attacker is looking for systems vulnerable to Log4Shell.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
It’s also worth noting that previous headlines advising companies to update Java itself is outdated news, and only updating Java won’t solve the problem: Be sure to update everything.
An open-source tool from security provider WhiteSource was released that can detect Log4Shell vulnerabilities, and it’s a good idea for organizations to download it, or a similar tool, to look for weak spots that you may not know you have.