December 14, 2021
2 mins read

Internet facing most serious bug in recent years, warn cyber firms

Researchers at Microsoft have also warned about attacks attempting to take advantage of ‘Log4j’ vulnerabilities, including a range of crypto-mining malware…reports Asian Lite News.

Cyber security researchers on Monday warned that hackers are making over 100 attempts every minute to exploit a critical security vulnerability in the widely-used Java logging system called ‘Apache log4j2’, leaving millions of companies globally at cyber theft risk.

Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare and Minecraft, are vulnerable to this ‘ubiquitous’ zero-day exploit, now dubbed as one of the most serious vulnerabilities on the Internet in recent years.

‘Apache Log4j’ is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services.

According to cybersecurity researchers at Check Point, Since Friday (December 10), they “witnessed what looks like an evolutionary repression, with new variations of the original exploit being introduced rapidly- over 60 in less than 24 hours”.

Apache Log4j is the most popular java logging library with over 400,000 downloads from its GitHub project. It is used by a vast number of companies worldwide, enabling logging in a wide set of popular applications.

“Exploiting this vulnerability is simple and allows threat actors to control java-based web servers and launch remote code execution attacks,” cyber security researchers said in a blog post.

Another cyber security company Sophos said that it is already detecting malicious cryptominer operations attempting to leverage the vulnerability, and there are credible reports from other sources that several automated botnets (such as Mirai, Tsunami, and Kinsing) have begun to exploit it as well.

“Other types of attacks – and payloads – are likely to rapidly follow. While there are steps that server operators can take to mitigate the vulnerability, the best fix is to upgrade to the patched version, already released by Apache in Log4j 2.15.0,” Sophos said in a statement.

However, rolling out an upgrade may not be all that simple – especially if organisations don’t know where it’s been deployed as a component.

At present, most of the attacks focus on the use of cryptocurrency mining at the expense of the victims. However, under the auspices of the noise, more advanced attackers may act aggressively against quality targets.

Researchers at Microsoft have also warned about attacks attempting to take advantage of ‘Log4j’ vulnerabilities, including a range of crypto-mining malware.

The Computer Emergency Response Team (CERT) for New Zealand, Deutsche Telekom’s CERT, and the Greynoise web monitoring service have also warned that hackers are actively looking for servers vulnerable to ‘Log4Shell’ attacks.

“In the case of this vulnerability ‘CVE-2021-44228’, the most important aspect is to install the latest updates as soon as practicable,” said an alert by the UK’s National Cyber Security Centre (NCSC).

Many Open Source projects like the Minecraft server, Paper, have already begun patching their usage of ‘log4j2’. In a statement, Cloudflare has said it has updated systems to prevent attacks.

ALSO READ-Nepal to regulate Internet of Things

Previous Story

General Naravane speaks with his Omani counterpart

Next Story

Cop shot dead in Rawalpindi

Latest from Lite Blogs

Dulquer Unveils Superhero Characters

Another intriguing aspect revealed in the teaser is that actor Naslen’s character, Sunny, becomes one of the rare individuals privy to Chandra’s superhero identity Actor Dulquer Salmaan has officially introduced the central

India Embraces AI Future

Upskilling is emerging as a critical focus, with 51 per cent of leaders naming it their top priority. Around 63 per cent of managers expect AI training to become a core team

SRK Launches Aryan’s Debut

The evening belonged as much to Shah Rukh as it did to Aryan. Turning host for his son’s big day, SRK displayed his trademark wit and charm while introducing the cast and

Samsung Eyes $7B U.S. Chip Push

The potential investment signals more than just a corporate expansion Samsung Electronics is reportedly preparing to invest more than $7 billion in a new advanced chip packaging facility in the United States,

Tehran: Explosive Global Stakes

Stars: ★★★★☆ (4/5)Director: Arun GopalanCast: John Abraham, Neeru Bajwa, Manushi Chhillar, Hadi KhajanpourDuration: 118 minutes Tehran is a taut geopolitical thriller that dares to navigate the murky corridors of real-world politics, inspired by the 2012 attack on
Go toTop

Don't Miss

33% of global population not connected to Internet in 2023

Only 67 per cent of the world’s population, or 5.4

Musk launches satellite internet service called Starshield

Starlink for RVs allow users to get immediate access to