EXECUTIVE SUMMARY:

Cyber security researchers uncovered a severe vulnerability, common to many organizations, which allows hackers to engage in remote system takeovers. Hackers can inject malware, worms, and steal user credentials, enabling them to pursue a vast array of cyber attacks. 

Thousands of attempts to exploit this critical vulnerability have been reported, and cyber security professionals are fighting to fend off the fiends. Forty percent of organizations worldwide have already experienced a related attack. Cyber security researches at Check Point observe more than 100 attempts to exploit the vulnerability every minute.

Attackers are actively chasing this vulnerability. In addition to remote takeovers, hackers have deployed cryptocurrency-mining malware and botnets –ranging from Mirai to Kinsing- while exploiting this flaw. Further, Microsoft reports active attempts to install Cobalt Strike on vulnerable systems, which would allow hackers to steal usernames and passwords.

The ubiquity of this vulnerability

Security-mature organizations may have learned of the vulnerability days ago, and may be relatively advanced in their patching and remediation efforts. However, less security-mature organizations may be unaware that the vulnerability exists on their network.

“I cannot overstate the seriousness of this threat. On the face of it, this is aimed at crypto miners, but we believe this creates just the sort of background noise that serious threat actors will try to exploit in order to attack a whole range of high-value targets such as banks, state security and critical infrastructure,” says Check Point’s director of threat intelligence and research, Lotem Finkelstein.

Organizations of all types are encouraged to counter the threat as soon as possible. A handful of experts have dubbed the Log4Shell issue that largest cyber security calamity of this year.

Technical details: Log4Shell

The flaw, known as Log4Shell, is extremely easy for hackers to exploit. The flaw resides in the Java logging library; Apache Log4j. As reported today, the latest variations on the vulnerability allow hackers to seamlessly slip past security systems.

How to combat this threat

• Take immediate action
• Investigate any potential compromises that may have taken place
• Install the latest updates as soon as possible
• Cyber security tools, such as Quantum Gateway, can protect organizations

Log4Shell threat could worsen

If your organization maintains only a single layer of security, it may not be enough to protect your organization from this threat. Experts advise that organizations maintain a multilayered security posture, providing maximum security for systems.

Researchers assert that the evolution of the Logj4 vulnerability has already yielded more than 60 larger and more destructive mutations – all developed in under a day. “The internet is on fire…” said one anonymous security engineer.

“Since Friday, we have witnessed what looks like an evolutionary repression, with new variations of the original exploit being introduced rapidly: over 60 in less than 24 hours,” say researchers.

This article will be updated as the story continues to unfold. Get more information about the vulnerability here. Lastly, to learn more about pressing issues in the cyber world, please join us at the premiere cyber security event of the year – CPX 360 2022. Register here.