
An Acute Remote Code Execution Vulnerability Reported!

This vulnerability, because of the complexity in patching it and easiness to exploit, will stay with us for years to come, unless companies and services take immediate action to prevent the attacks on their products by implementing a protection.

by K. Vatsala Devi

An acute remote code execution (RCE) vulnerability was reported on 9 December 2021 in the Apache logging package Log4j 2, versions 2.14.1 and below (CVE-2021-44228). According to Check Point Research (CPR), Apache Log4j is the most popular Java logging library, with over 400,000 downloads from its GitHub project.

The Log4j library is embedded in almost every Internet service or application we are familiar with, including Twitter, Amazon, Microsoft, Minecraft and more.

At present, most of the attacks focus on cryptocurrency mining at the victims' expense; however, under cover of that noise, more advanced attackers may act aggressively against high-value targets.

The Seriousness of the Vulnerability

Lotem Finkelstein, Director of Threat Intelligence and Research for Check Point Software Technologies, said that he cannot overstate the seriousness of this threat. Since Friday, he said, CPR has witnessed what appears to be an evolutionary repression, with new variations of the original exploit being introduced rapidly: over 60 in less than 24 hours. It looks almost limitless.

“On the face of it, this is aimed at crypto miners but we believe this creates just the sort of background noise that serious threat actors will try to exploit in order to attack a whole range of high value targets such as banks, state security and critical infrastructure,” he said.

“For example, it can be exploited either over HTTP or HTTPS (the encrypted version of browsing). The number of combinations of how to exploit it gives the attacker many alternatives to bypass newly introduced protections. It means that one layer of protection is not enough, and only a multi-layered security posture would provide resilient protection,” he further elaborated.

Unlike other major cyber-attacks that involve one or a limited number of software products, Log4j is embedded in essentially every Java-based product or web service, which makes manual remediation very difficult. Once an exploit was published, scans of the Internet ensued to locate surfaces that are vulnerable because of this flaw.

He also added that those who do not implement a protection have probably already been scanned by malicious actors. CPR has already seen over 470,000 attempts to scan the networks of around a third of all enterprises globally. Most worrying is the fact that almost half of those attempts were made by known malicious groups.

Safety Measures Against the Vulnerability

“This vulnerability, because of the complexity in patching it and easiness to exploit, will stay with us for years to come, unless companies and services take immediate action to prevent the attacks on their products by implementing a protection. Now is the time to act. Security teams need to jump on this with utmost urgency as the potential for damage is incalculable. The need for a rapid response is highlighted by the fact that this was discovered at the end of the working week in the run up to the holiday season when security teams may be slower to implement protective measures,” he concluded.

Check Point Software has, for several months, been sounding the alarm about a ‘cyber pandemic’, and this is exactly what it was referring to. It is highly contagious and spreads rapidly, so constant vigilance and a robust prevention strategy are essential.

Tim Mackey, principal security strategist for the Synopsys Cybersecurity Research Center, said that protecting against exposure to CVE-2021-44228 starts with a basic element of software supply chain risk management: know the code that powers your business.

“If you don’t know which applications run Java and have a vulnerable version of log4j, then you can’t guarantee you’ve patched everything. If you’re relying on periodic scans of software or configurations to determine whether you’re exposed to something, then it’s time to start looking at continuous monitoring for software supply chain issues and possibly implementing automated pen-testing capabilities. After all, it’s always possible for a vulnerable version of something that should’ve been patched to be used elsewhere or by a different supplier,” he commented.
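Mackey's point is that you cannot patch what you have not inventoried. As an added example (not from the article, Synopsys or the Log4j project), the Python below locates log4j-core inside jars, including jars nested in fat jars or WAR files where a filename search would miss it, and flags the releases the article names as affected (Log4j 2.x up to 2.14.1); the sample jar it builds is constructed here for the demonstration.

```python
"""Inventory log4j-core inside jars, including nested jars, and flag CVE-2021-44228 (Log4j 2.x up to 2.14.1)."""
import io, os, re, zipfile

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_IN = (2, 15, 0)  # first release without CVE-2021-44228
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0): qualifiers are dropped."""
    m = re.match(r"[\d.]+", text.strip())
    return tuple(int(p) for p in m.group(0).split(".") if p) if m else ()

def is_vulnerable(version):
    """Log4j 2.x below 2.15.0 is affected; 1.x ships as a different artifact."""
    v = parse_version(version)
    return bool(v) and v[0] == 2 and v < FIXED_IN

def scan_archive(data, label):
    """Yield (location, version) for each log4j-core in the archive bytes,
    recursing into nested archives (shaded jars, WEB-INF/lib/*.jar, ...)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name == POM_PROPS:  # Maven metadata records the exact version
                hit = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                if hit:
                    yield label, hit.group(1).strip()
            elif name.lower().endswith(ARCHIVE_EXT):
                yield from scan_archive(zf.read(name), f"{label}!{name}")

def scan_tree(root):
    """Walk a directory tree; return [(location, version, vulnerable), ...]."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in [f for f in files if f.lower().endswith(ARCHIVE_EXT)]:
            path = os.path.join(dirpath, f)
            with open(path, "rb") as fh:
                data = fh.read()
            findings += [(loc, v, is_vulnerable(v)) for loc, v in scan_archive(data, path)]
    return findings

def build_sample_fat_jar():
    """Constructed sample: an app jar bundling log4j-core 2.14.1 as a renamed nested jar."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM_PROPS, "artifactId=log4j-core\nversion=2.14.1\n")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("BOOT-INF/lib/renamed-logging.jar", inner.getvalue())
    return outer.getvalue()
```

Running `scan_tree("/opt")` (or any application root) returns every embedded log4j-core with its version and an affected flag, so the result can feed an inventory rather than a one-off check.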
