A new discover vulnerability in a widely use software library is causing mayhem on the Internet, forcing cyber defenders to scramble as hackers rush to exploit the weakness. The vulnerability, known as Log4j, comes from a popular open-source product that helps software developers track changes in applications that they build.
It is so popular and embed across many companies’ programs that security executives expect widespread abuse.
Amit Yoran, chief executive of Tenable, a network security firm, and the founding director of the US Computer Emergency Readiness Team Said :
“The Apache Log4j Remote Code Execution Vulnerability is the single biggest, most critical vulnerability of the last decade,”.
The US government sent a warning to the private sector about the Log4j vulnerability and the looming risk it poses.
The leader of CISA said it was one of the worst vulnerabilities seen in many years.
They urge companies to have staff working through the holidays to battle those using new methods to exploit the flaw.
Much of the software affect by Log4j, which bears names like Hadoop or Solr, may be unfamiliar to the public at large.
But as with the SolarWinds program at the center of a massive Russian espionage operation last year, the ubiquity of these workhorse programs makes them ideal jumping-off points for digital intruders.
Juan Andres Guerrero-Saade, the principal threat researcher with cybersecurity firm SentinelOne, called it “one of those nightmare vulnerabilities that there’s pretty much no way to prepare for.”
While a partial fix for the vulnerability was release on Friday by Apache, the maker of Log4j, affect companies and cyber defenders will need time to locate the vulnerable software and properly implement patches.
Log4j itself is maintain by a few volunteers, security experts said.
The flaw allows an outsider to enter active code into the record-keeping process.
That code then tells the server hosting the software to execute a command giving the hacker control.
The issue was first publicly disclose by a security researcher working for Chinese technology company Alibaba Group Holding Ltd, Apache noted in its security advisory.
It is now apparent that initial exploitation was spot on 2nd December 2021, before a patch roll out a few days later.
The attacks became much more widespread as people playing Minecraft use it to take control of servers and spread the word in gaming chats.
So far no major disruptive cyber incidents have publicly documented as a result of the vulnerability, but researchers are seeing an alarming uptick in hacking groups trying to take advantage of the bug for espionage.
Chris Evans, chief information security officer at HackerOne Said :
“We also expect to see this vulnerability in everyone’s supply chain,”.
Multiple botnets, or groups of computers control by criminals, were also exploiting the flaw in a bid to add more captive machines, experts tracking the developments said.
What many experts now fear is that the bug could be use to deploy malware that either destroys data or encrypts it, like what was use against U.S. pipeline operator Colonial Pipeline in May which led to shortages of gasoline in some parts of the United States.
Guerrero-Saade said his firm had already seen Chinese hacking groups moving to take advantage of the vulnerability.
The US cybersecurity firms Mandiant and Crowdstrike also said they found sophisticated hacking groups leveraging the bug to breach targets.
Mandiant describe those hackers as “Chinese government actors” in an email to Reuters.
THANK YOU FOR READING.
