“It’s bad and it’s only going to get worse.” zdnet.com
Log4j is a piece of software used in millions of web servers worldwide. It is an open-source, Java-based logging tool offered by Apache. Any threat or malicious code targeting it could potentially put any system that uses it at risk. Security firm CrowdStrike reports that the attacks started happening on December 9, 2021. The flaw was first spotted in the game Minecraft, but it quickly escalated into a far larger problem. The software is used in a multitude of applications, including Apple’s iCloud. Attacks exploiting the bug are known as Log4Shell attacks.
The vulnerability, tracked as CVE-2021-44228, has a severity rating of 10 out of 10. The zero-day had been exploited at least nine days before it surfaced. arstechnica.com
“A severe risk to the internet” is how the Director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, described the security flaw. She went on to explain that “this vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use.”
A recent report from Microsoft explained the depth of the attack: attackers have so far been able to exploit the flaw to install crypto-miners on vulnerable systems, steal credentials, and dig deeper inside hacked networks. To exploit Log4Shell, “an attacker only needs to get the system to log a strategically crafted string of code. From there they can load arbitrary code on the targeted server and install malware or launch other attacks. Notably, hackers can introduce the snippet in seemingly benign ways, like by sending the string in an email or setting it as an account username.” wired.com
So what can you do as a user? Nothing but hound the services you use to ensure that they’re putting fixes in place to get security up to scratch. If you’re an enterprise organisation, chances are you’re going to invest large sums into overtime for teams to work through the holiday period.
What’s the ultimate solution?
This zero-day, ‘will-be-talked-about-for-years’ type of ongoing attack needs a defence mechanism of a different sort of stamina, strength and resilience. Organisations should implement a 24/7 self-learning AI tool to detect known and unknown vulnerabilities; an ethical hacker that never sleeps.
Brought to you by the Nihka Technology Group, Fortitude is an Artificial Intelligence security engine that self-learns your IT systems without human intervention, working 24/7.
Our AI solution understands your environment, finds weaknesses, replicates, and makes recommendations to fix. Integrating security into your DevOps before production means that vulnerabilities are validated during test and development to ensure production systems are secure during deployment.
Fortitude is POPIA compliant and aligns with the CyberCrimes Act of South Africa.
The Nihka Technology Group is a South African technology company based in Johannesburg, South Africa. The Group is focused on bringing the digital future to both the private and public sectors, locally and globally by delivering innovative, integrated technologies and intelligent solutions. Nihka offers end-to-end multi-dimensional consulting with an emphasis on integrating the human potential. Bringing EQ into AI.