Hackers set up machines that delivered malicious payloads and scanned the internet to find vulnerable servers. To carry out an attack, they’d query services such as web servers, and try to trigger a log message like a 404 error. The query included maliciously crafted text, which Log4j processed as instructions. These instructions created a reverse shell, which allowed the attacking server to remotely control the targeted server, or in some cases made the targeted server part of a botnet. Botnets use multiple hijacked computers to carry out coordinated actions on behalf of hackers.
Many hackers were trying to abuse Log4Shell, ranging from ransomware gangs locking down Minecraft servers and hacker groups trying to mine bitcoin, to hackers associated with China and North Korea trying to gain access to their geopolitical rivals’ sensitive information. The Belgian Ministry of Defence reported that its computers were attacked using Log4Shell.
Although the vulnerability first came to widespread attention on 10 December 2021, people are still identifying new ways to cause harm through this mechanism. Further vulnerabilities in Log4j have been found since, CVE-2021-45105 and CVE-2021-44832, which received CVSS scores of 7.5 and 6.6 respectively. Moving forward, it is critical to continue to monitor and scan for Log4j vulnerabilities, including monitoring your technology vendors’ advisory notices on this.
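The scanning called for above, as an added example that is not part of the original post: a small Python scanner that finds log4j-core jars under a directory, reads their version, and flags any that predate the fix for CVE-2021-44832 (Log4j 2.17.1, or 2.12.4 and 2.3.2 on the Java 7 and Java 6 maintenance lines). Reading the version from the jar manifest's Implementation-Version field, the fallback to the file name, and the sample jar builder are this example's assumptions.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Lowest log4j-core version per release line that fixes CVE-2021-44832, the
# most recent of the three CVEs named above. 2.3.x and 2.12.x are the Java 6
# and Java 7 maintenance lines; every other line must reach 2.17.1.
FIXED = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}
FIXED_DEFAULT = (2, 17, 1)
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); a missing patch digit counts as 0."""
    m = VERSION_RE.search(text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def jar_version(jar_bytes, filename=""):
    """Version from META-INF/MANIFEST.MF (assumed field), else the file name."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        if "META-INF/MANIFEST.MF" in zf.namelist():
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.startswith("Implementation-Version:"):
                    return parse_version(line.split(":", 1)[1])
    return parse_version(filename)

def is_vulnerable(version):
    """True when the version predates the fix for its own release line."""
    return version < FIXED.get(version[:2], FIXED_DEFAULT)

def scan_tree(root):
    """Yield (path, version, vulnerable) for each log4j-core jar under root.
    A jar whose version cannot be determined is reported as vulnerable."""
    for path in Path(root).rglob("log4j-core*.jar"):
        version = jar_version(path.read_bytes(), path.name)
        yield str(path), version, version is None or is_vulnerable(version)

def build_sample_jar(version):
    """Constructed stand-in for a log4j-core jar: a zip with only a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
    return buf.getvalue()

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version, vulnerable in scan_tree(root):
        print(path, version, "VULNERABLE" if vulnerable else "ok")
```

Run it against an application's install directory; jars bundled inside other archives (WAR/EAR files, shaded jars) are not inspected by this example and need a separate pass.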