EXECUTIVE SUMMARY:

The Log4j vulnerability posed a multi-faceted challenge for organizations and management teams worldwide. Leading cyber security authorities have urged organizations to remain acutely aware of the persistent dangers posed by Log4j threats. In the eyes of some experts, Log4j represented one of the most dangerous flaws disclosed in recent years.

Upon its discovery, a Log4j fix was not apparent or readily available and the cyber security workforce spent many hours attempting to identify and mitigate the vulnerability. Since then, a patch has been released. However, calls for vulnerability isolation and patching haven’t been enough…

Log4j “proxyjacking”

Cyber adversaries are currently targeting millions of systems via the Log4j vulnerability in order to launch “proxyjacking” campaigns. In these campaigns, attackers attempt to install a tool called proxyware on a victim’s network in order to resell the targeted group’s bandwidth.

In the latest proxyjacking scheme, attackers target Kubernetes infrastructure that’s running an unpatched Apache Solr service in order to take control over a container. The attacker then executes a command to download a malicious script. The script is placed in the /tmp folder to facilitate privileged access.

Proxyjacking + malware

The most mind-bending aspect of these attacks is that they create a backdoor through which cyber criminals could later implant malware. It’s arguably only a matter of time before attackers weaponize proxyjacking in order to conduct serious attacks.

Identifying proxyjacking

Identifying proxyjacking attacks can prove challenging. In some instances, proxyjacking is only discovered after malware appears and after IT teams try to trace the malware’s origins. By that point, teams may have a major incident on their hands, which is to say that stopping small incursions immediately is critical.

Costs of proxyjacking

Proxyjacking is somewhat similar to cryptojacking in that malicious software is installed on a victim’s device and the effects may initially seem marginal. After all, the use of a single gigabyte of network traffic per month is likely to go unnoticed.

However, proxyjacking could exact a financial cost for a company if their cloud service provider charges based on metered traffic. A target company could also find itself in unexpected legal trouble if the bandwidth bandits use the network to carry out unscrupulous activities. And then, of course, if the victim organization is hit with malware via proxyjacking…

Further information

In relation to Log4j proxyjacking attacks, cyber security researchers have not yet provided details surrounding the scope of the attacks, the timeline, specific targets or specific geographic regions under threat. We’ll update this article as more information becomes available.

Please see CyberTalk’s additional Log4j resources here:

• Log4j: The quiet before the ransomware storm?

• A guide to the Log4j software vulnerability

• The Aquatic Panda APT group leveraged Log4j

• How SASE protects from Log4j vulnerabilities

• 10 top cyber security vulnerabilities that you can’t ignore (2023)

Want to stay up-to-date with trends in cyber security? Check out the CyberTalk.org newsletter! Sign up today to receive top-notch news articles, best practices and expert analyses; delivered straight to your inbox.