Just when you thought 2021 had already been bad enough for cyber security, with all the high-profile ransomware attacks and massive data leaks that took place over the past twelve months, the Log4j exploit came along and trumped everything else.
The latest reports from security outlets indicate that the alternative ways of exploiting the vulnerability are multiplying and mutating, and it is likely that this issue will haunt us for a while. The exploit may uncover vulnerabilities within some of the most popular applications and services on the Internet.
A "perfect 10" vulnerability
The Log4j vulnerability, given the name Log4Shell, logged as CVE-2021-44228 and bearing a maximum severity score of 10, was first spotted by Alibaba in late November 2021 and has been exploited heavily ever since. In essence, it is a remote code execution bug, and it affects a large number of services spanning everything from online platforms to game clients and services.
According to security researchers with Check Point, within the span of mere days threat actors have already come up with a staggering 60+ variations and alterations of the initial exploit. Furthermore, new ways to exploit Log4j have been introduced, including exploits delivered over HTTP or HTTPS, which add new points of entry to an already massive attack surface and make it accessible to even more threat actors.
The bug was initially exploited primarily for installing crypto-mining tools on compromised systems and using their resources for illegal mining. However, within just a few days this focus has shifted towards data exfiltration.
The incredible surface area offered by the exploit also means that even as patches are rolled out and applied globally, there will still be vulnerable systems for months to come. Log4j is very easy to exploit and doesn't take an inordinate amount of skill or very high-end tools. At the same time, it resides in a component that is very widespread and often bundled with other services and solutions. All of this makes Log4j / Log4Shell a very nasty issue to take care of.
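Because the library is so often bundled inside other archives, a defender's first job is to find every copy of it, including copies nested inside WAR or uber jars that a package manager never sees. The following inventory script is an added example, not code from the article or from the Log4j project; it assumes that log4j-core jars carry the lookup class at org/apache/logging/log4j/core/lookup/JndiLookup.class and record their version in the manifest's Implementation-Version header (both from general knowledge of log4j-core packaging, not from the article), and the archives it scans are constructed in memory so it runs offline. It reports where the class is present and which version the manifest declares, so the operator can compare each finding against the vendor advisory.

```python
import io
import zipfile
from pathlib import Path

# Assumption (not from the article): the lookup class shipped in log4j-core
# that Log4Shell remediation guidance tells operators to look for.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def _manifest_version(zf):
    """Return the Implementation-Version from META-INF/MANIFEST.MF, or None."""
    try:
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in text.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return None


def scan_archive(data, label):
    """Inspect an archive given as bytes, recursing into archives nested inside it.

    Returns a list of (label, version) tuples, one per archive that contains
    JndiLookup.class. Nested archives are labelled outer!inner so the operator
    knows exactly which bundled copy to patch.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip-based archive; nothing to inspect
    with zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP_CLASS in names:
            findings.append((label, _manifest_version(zf)))
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(scan_archive(zf.read(name), f"{label}!{name}"))
    return findings


def scan_directory(root):
    """Walk a directory tree and scan every archive found in it."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(scan_archive(path.read_bytes(), str(path)))
    return findings


def build_sample_archives():
    """Constructed sample input: a log4j-core-like jar bundled inside an
    application WAR, next to a harmless jar. These are not real artifacts."""
    def make_zip(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, content in entries.items():
                zf.writestr(name, content)
        return buf.getvalue()

    core = make_zip({
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\nImplementation-Version: 2.x-sample\r\n",
        JNDI_LOOKUP_CLASS: b"\xca\xfe\xba\xbe",  # placeholder class bytes
    })
    app = make_zip({
        "WEB-INF/lib/log4j-core-sample.jar": core,
        "WEB-INF/lib/other.jar": make_zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\n"}),
    })
    return {"app.war": app, "plain.jar": make_zip({"a.txt": "x"})}


if __name__ == "__main__":
    for archive_name, data in build_sample_archives().items():
        for label, version in scan_archive(data, archive_name):
            print(f"{label}: JndiLookup.class present, Implementation-Version={version}")
```

Run `scan_directory("/path/to/deployments")` on a real host to get the same tuples for every archive under that tree; the recursion is what catches the bundled copies that a simple filename search for log4j-core misses. The script deliberately does not decide which versions are vulnerable, since that judgement belongs to the vendor advisory the operator is patching against.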
Cyber security firm Imperva reported observing over a quarter million attacks per hour and that number is expected to grow larger as new modifications and variations of the attack are discovered.