
Attackers are making lots of attempts to exploit the Log4j vulnerability

The cybersecurity world has a freshly minted vulnerability to deal with, and attackers are rapidly taking advantage of it. Researchers are now warning that attackers are scanning for systems that are vulnerable to the Log4j flaw in order to install malware and steal user credentials.

The Log4j flaw was first reported on December 9 and is a zero-day vulnerability. Hackers can get into systems using the flaw and execute code remotely.

Attackers are wasting no time exploiting Log4j, with experts at Check Point warning that over 100 attempts are made every minute. Researchers at Sophos corroborate this claim, as they report detecting hundreds of thousands of attempts to breach security through Log4j.

Cryptocurrency mining is a significant goal for attackers trying to take advantage of the Log4j vulnerability: they have attempted to use it to install crypto-mining malware, with active cases recorded. Even botnets like Mirai, Tsunami, and Kinsing are getting in the game.

Microsoft’s researchers have also issued warnings about attacks through the Log4j vulnerability. With many organizations and networks yet to be made aware of the vulnerability, attackers are trying to do as much damage as possible in the open window.

For folks who think the Log4j vulnerability is not serious, Lotem Finkelstein, director of threat intelligence and research for Check Point, has this warning, “I cannot overstate the seriousness of this threat. On the face of it, this is aimed at crypto miners but we believe this creates just the sort of background noise that serious threat actors will try to exploit in order to attack a whole range of high-value targets such as banks, state security, and critical infrastructure.”

The UK’s National Cyber Security Centre (NCSC) warns that network admins should install the update that patches the vulnerability as soon as possible.

What is Log4j?

The Log4j vulnerability was reported by Alibaba Group’s cloud-security team. It affects Apache Log4j, a popular Java logging library that many companies use globally to log information from a wide range of popular apps.

Hackers can easily exploit it to control Java-based web servers and launch remote code execution attacks, according to Check Point.

According to Check Point, new variants of the original exploit keep appearing, with up to 60 different variants within 24 hours.

Noting how easy it is for attackers to use the exploit, Check Point said, “For example, it can be exploited either over HTTP or HTTPS (the encrypted version of browsing). The number of combinations of how to exploit it give the attacker many alternatives to bypass newly introduced protections. It means that one layer of protection is not enough and only multi-layered security posture would provide a resilient protection.”

The Log4j vulnerability has been called a cyber pandemic, a term for severe attacks that spread quickly. Since it is being actively exploited by hackers, the vulnerability has been given zero-day status. The fix for the Log4j vulnerability is yet to reach all systems that could be compromised.

Experts believe hackers had been exploiting the vulnerability days before it was discovered. Check Point estimates that over 36.8 percent of corporate networks globally have been attacked.

The popular game Minecraft has acknowledged the vulnerability and has advised players to stop all running instances of the game, including the launcher. After the patch has been downloaded, the launcher should be restarted.

Software vendors have been rushing out patches and workarounds for their products. Suggested workarounds include setting the log4j2.formatMsgNoLookups flag to true, or removing the JndiLookup class from the classpath used by Java.

Written by HackerVibes
