Log4J vulnerability pandemic: More than 840,000 attacks occurred in 72 hours

Researchers at multiple cybersecurity companies have warned that hackers have launched more than 840,000 attacks in the past 72 hours as a result of the recently disclosed Log4J exploit. Worse still, this worldwide round of attacks is not indiscriminate: attackers have also set their sights on well-known enterprises such as Apple, Amazon, IBM, Microsoft, and Cisco.

(From Check Point)

Last week, several media outlets, including TechSpot, continued to report on Log4J vulnerabilities in open source software. Since Friday, the problem has quickly become an epidemic in the community.

Check Point, a security firm that has been continuously monitoring developments, has observed more than 100 Log4J attacks per minute.

Charles Carmakal, chief technology officer of cybersecurity firm Mandiant, said in an interview with Ars Technica that while hackers are scattered around the globe, more attacks are already on the way.

Cybersecurity companies such as SentinelOne have also confirmed the involvement of many hacking groups with deep backgrounds.

Check Point's analysis notes that well-known hacking groups account for more than half of the exploitation attempts, either deploying common malware such as Tsunami and Mirai to build their botnets, or using victims' device resources to mine cryptocurrencies such as Monero (for example with XMRig).

The vulnerability, originally discovered on Minecraft servers, lets attackers exploit a flaw in Java to launch a remote code execution attack and take complete control of the system. LunaSec notes that the Apache Struts framework, used on thousands of business servers, is highly exposed to the Log4J vulnerability.

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), told industry leaders that the vulnerability was one of the worst she had seen in her career and could affect hundreds of millions of devices.

Check Point concludes: Hackers have exploited the Log4J vulnerability to take over victims' computers and perform anything from cryptocurrency mining and spamming to launching distributed denial-of-service (DDoS) attacks through large botnets.

At present, the UK National Cyber Security Centre and the US CISA have strongly urged affected enterprises to raise security awareness and promptly apply urgent patches to their business platforms. While no serious breaches have been reported, IT administrators clearly can't take it lightly.

Nicholas Sciberras, head of engineering at Acunetix, said: "Exploiting this vulnerability could give attackers almost unlimited powers – for example, they could extract sensitive data, upload files to servers, delete data, install ransomware, or spread further to other servers."
