A critical flaw in a widely used Java library is being exploited by malicious actors to deliver malware, while security researchers are scanning for vulnerable servers.
The flaw and a proof-of-concept exploit were publicly released on Friday, wreaking havoc across companies that use the popular Log4j Java platform. Impacted firms included Amazon, Apple, Steam, Minecraft, and many more.
According to Bleeping Computer, threat actors have been using the vulnerability to deliver crypto-miners, botnets, and penetration-testing tools that could be used to deploy ransomware on affected systems.
There's currently no public data suggesting that ransomware gangs have used the Log4j exploit, but the deployment of the aforementioned penetration-testing tools suggests that such attacks could be "imminent," Bleeping Computer reported.
Additionally, both threat actors and security researchers are using the exploit to scan for vulnerable servers and steal information from them. From there, scanners can determine whether a server can be used for additional attacks, research purposes, or bug bounty awards.
The flaw exists in the Log4j Java-based logging platform, which is used for web server access and application logs. If exploited, the vulnerability allows a remote attacker to execute code on, or otherwise take control of, a vulnerable server.
Since Log4j is used in thousands of websites and enterprise apps, security researchers are concerned that it could lead to widespread malware attacks and deployments.
Apache quickly released a patched version of Log4j to mitigate the vulnerability.
Who's at risk, and how to protect yourself
Although the vulnerability appeared to wreak havoc on Friday, the effects are mostly being felt in the enterprise sector. In other words, defending against the vulnerability is largely the job of the companies running affected servers, not of end users.
Engineers working in the programming subreddit suggested that major technology companies like Amazon have been working to fix the problem since late Thursday night. AppleInsider has learned that the work continued through the weekend at Amazon and others, and some companies are still implementing patches and workarounds.
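For the practical question of which installed software actually bundles Log4j, here is an added example (not from the article, Apache, or any vendor mentioned) of a Python inventory script: it walks a directory tree, opens JARs, WARs and EARs (including JARs nested inside them), reads the Maven pom.properties that every log4j-core 2.x JAR carries to get its version, and reports whether the JndiLookup class, which Apache's guidance says to remove when upgrading is not possible, is still present. The WAR it builds in build_sample_tree() is a constructed fixture with an empty placeholder class, not real Log4j code.

```python
import io
import os
import tempfile
import zipfile
# Maven metadata shipped inside every log4j-core 2.x JAR; it records the exact version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# Class whose removal Apache lists as a mitigation when upgrading is not possible.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear")

def _inspect_archive(zf, location, findings):
    """Record log4j-core version and JndiLookup presence; recurse into nested archives."""
    names = set(zf.namelist())
    if POM_PROPS in names:
        props = zf.read(POM_PROPS).decode("utf-8", "replace").splitlines()
        version = dict(ln.split("=", 1) for ln in props if "=" in ln).get("version", "?").strip()
        findings.append({"location": location, "version": version,
                         "jndi_lookup_present": JNDI_LOOKUP in names})
    for name in names:
        if name.lower().endswith(ARCHIVE_EXTS):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue  # not a real archive, skip it
            _inspect_archive(inner, location + "!/" + name, findings)

def scan_tree(root):
    """Walk root; return one dict per log4j-core found (location, version, JndiLookup present)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fn)
                try:
                    with zipfile.ZipFile(path) as zf:
                        _inspect_archive(zf, path, findings)
                except zipfile.BadZipFile:
                    continue
    return findings

def build_sample_tree():
    """Constructed fixture (not real Log4j code): a WAR bundling a fake log4j-core 2.14.1."""
    root, core = tempfile.mkdtemp(), io.BytesIO()
    with zipfile.ZipFile(core, "w") as zf:
        zf.writestr(POM_PROPS, "artifactId=log4j-core\nversion=2.14.1\n")
        zf.writestr(JNDI_LOOKUP, b"")  # empty placeholder, not a real class file
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", core.getvalue())
    return root
```

Run scan_tree() against a real application directory (for example a servlet container's webapps folder) and compare each reported version against Apache's current fixed release; the fixture only exists so the script runs stand-alone.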
6 Comments
Please show evidence of this “wreaking havoc”. The only evidence is the freaking out of the tech media, though I’ll bet some sysadmins are having a rough weekend updating log4j installations. Let’s see some evidence of actual successful attacks causing “havoc”.
My company has a lot of services to inspect, dozens at least. However, our preliminary investigations show that we switched to logback a long time ago on most of them. We did find a couple that were likely exploitable, but they were non-critical systems and we disabled them until we can mitigate or update.
I updated my kid's open Minecraft server on Monday.
So far no havoc has been wreaked. We think!
My first instinct is to think where is this installed on my system!!!
So I can remove whatever software is using it. Yet this is never mentioned in these articles.