Over 800,000 attempted incursions into network systems were observed in fewer than 72 hours. Although widespread ransomware attacks haven’t yet been reported, hackers could be playing the long-game.
Once inside systems, attackers could persist there for months; unnoticed. At some point, organizations could find themselves perpetually playing whack-a-mole.
Access brokers have already been observed selling network access to ransomware-as-a-service affiliates.
Log4j ransomware attacks
In relation to Log4j, experts report observation of the Khonsari ransomware. Khonsari is not widespread, but further attacks are “highly probable,” according to Check Point Software’s Ekram Ahmed.
At present, researchers are tracking a malware attack related to a crypto miner and Cobalt Strike, the latter of which is popular among ransomware gangs.
Key Log4j statistics
- 46% of corporate networks have incurred intrusion attempts related to Log4j
- 3 million attempts to exploit the vulnerability have been made
- Over 60 variations on the original Log4j exploit were introduced in 24 hours
- 7,000+ open source projects rely on Log4j as a dependency
Fun fact: Log4j is so common that it’s been included as a building block in the helicopter aboard the Mars rover.
What this means
According to researchers with Check Point Software, the attacks relating to the vulnerability have accelerated. On some occasions, researchers observed more than 100 attacks-a-minute. Nearly a dozen different groups are exploiting the malware to gain footholds in ecosystems.
Perpetrators have managed to gain remote control over machines operating apps in Java. In many instances, cyber criminals weaponized computers to mine cryptocurrency or marshalled them for use in botnets. However, attacks may be preparing for ransomware raids.
Attacks associated with Log4j
Numerous nation-state based cyber adversaries are eager to use the Log4j vulnerability for their own gain. Nearly 50% of attacks to-date have been launched by well-known nation-state backed groups, who hail from a variety of geographic locales.
According to Microsoft, attackers have attempted to use the Log4j bug as an access point on both Windows and Linux systems. In turn, we may see an increase in human-operated ransomware.
Despite the proliferation of attack attempts, this period may still represent the quiet before the storm. Hackers who access systems right now may linger unnoticed on networks for days, weeks, or months ahead of unleashing a devastating attack.
Cyber adversaries may also leverage Log4j to obtain as many organizational access credentials as possible. Ultimately, hackers will monetize or otherwise capitalize on their use.
Global remediation plans
International agencies provided alerts to critical infrastructure agencies and other major organizations, and urged them to make upgrades in relation to the Log4j issue. A variety of information technology and cyber security companies have rushed to release patches.
Most recently, the Apache Software Foundation (ASF) has released a new patch after the previously Log4Shell patch was labeled incomplete in certain capacities. This effectively remediates a second Log4j vulnerability.
Nonetheless, due to technological complexity within organizations and products, experts contend that the Log4j vulnerability could precipitate a true cyber pandemic.
“Unlike other major cyber attacks that involve one or a limited number of software, Log4j is basically embedded in every Java based product or web service. It’s very difficult to manually remediate it,” stated Check Point Software.
Lastly, to learn more about pressing issues in the cyber world, please join us at the premiere cyber security event of the year – CPX 360 2022. Register here.