Blogs By this
author
- Social Engineering Attacks: Proofpoint’s 2022 Social Engineering Report
- Increasing Email Security to Avoid Business Email Compromise
- How to Protect Yourself Against Ransomware Attacks
- Cyber Security Risk Management – Threats are Evolving Much Faster Than Australian Businesses
- How to Avoid Being Scammed Online
- How to Prevent Phishing Attacks
- AWS Migration Competency – recognition of Comunet’s leadership and expertise in cloud migration services
- Myth Busting Cloud Security – How Secure is the Cloud?
- The Software Development Life Cycle
- What is a Business Analyst and what do they do?
- Christmas Cyber Security Tips
- Off the Shelf vs Custom Software – 7 Things to Consider
- The COVID-19 digital vaccination certificate and the value of cyber security audits
- Comunet and AWS – delivering secure, scalable and trustworthy services non-profits
Related blogs
to this blog
- An Overview of ISO 27001:2022
- Social Engineering Attacks: Proofpoint’s 2022 Social Engineering Report
- Increasing Email Security to Avoid Business Email Compromise
- How to Protect Yourself Against Ransomware Attacks
- Cyber Security Risk Management – Threats are Evolving Much Faster Than Australian Businesses
- How to Avoid Being Scammed Online
- How to Prevent Phishing Attacks
- Myth Busting Cloud Security – How Secure is the Cloud?
- Christmas Cyber Security Tips
- The COVID-19 digital vaccination certificate and the value of cyber security audits
- Passwords are not enough – why you need Multi Factor Authentication
- Building innovation culture
- Getting out of the swamp: Accelerated Data Lake on AWS
Hackers set up machines that delivered malicious payloads and scanned the internet to find vulnerable servers. To carry out an attack, they’d query services such as web servers, and try to trigger a log message like a 404 error. The query included maliciously crafted text, which Log4j processed as instructions. These instructions created a reverse shell, which allowed the attacking server to remotely control the targeted server, or in some cases made the targeted server part of a botnet. Botnets use multiple hijacked computers to carry out coordinated actions on behalf of hackers.
Many hackers were trying to abuse Log4Shell, ranging from ransomware gangs locking down Minecraft servers, hacker groups trying to mine bitcoin, to hackers associated with China and North Korea trying to gain access to their geopolitical rivals’ sensitive information. The Belgian Ministry of Defence reported that its computers were attacked using Log4Shell.
Although the vulnerability first came to widespread attention 10 December 2021, people are still identifying new ways to cause harm through this mechanism. Further versions of this vulnerability have been seen recently with both CVE-2021-45105, and CVE-2021-44832. Each of these vulnerabilities received a CVSS score of 7.5 and 6.6 respectively. Moving forward, it is critical to continue to monitor and scan for Log4j vulnerabilities, including monitoring your technology vendors advisory notices on this.