Hundreds of thousands of hacker attacks in just 72 hours
After a vulnerability becomes known across large parts of the Internet, countless attack attempts follow. According to analysts, state-backed hackers from China, Iran and Turkey are among those involved.
It is one of the most far-reaching security vulnerabilities in the history of the Internet, and more and more hackers are trying to exploit it. State-backed attackers are also trying to take advantage of the issue known as Log4shell, which stunned IT professionals around the world over the weekend. That is what IT security companies report.
The problem lies in the Log4j library, a component of a widely used Java technology. Its only job is to record what is happening on a server. Through the vulnerability, however, attackers can take over networked computers, for example those of online games or cloud service providers. Products from Amazon, Cisco and IBM are affected, at the very least. The vulnerable technology is so widespread that even professionals find it difficult to gauge how many services are affected (more on the vulnerability here).
The IT security company Check Point counted attack attempts: on Saturday, 12 hours after the vulnerability became known, there were 40,000; after 72 hours there were more than 800,000. Because of this extremely rapid growth, Check Point speaks of a “cyber pandemic”.
State hackers are trying to exploit Log4shell. This is reported, among others, by Microsoft's security team, which monitors and analyzes hacker groups. State groups from China, Iran, North Korea and Turkey are making use of Log4shell. They have adapted their attack techniques to the vulnerability, known since last week, and combined it with their existing malware. In this way, unauthorized parties can take over computers completely, and remotely.
Attackers practically feel their way online
The Iranian group, which Microsoft calls Phosphorus, used the vulnerability to install ransomware on target devices without permission. Such programs encrypt the data on victims' systems, making those systems unusable. This is often used to extort ransom from the affected companies and organizations.
According to analysts, the group uses ransomware to make money or simply to disrupt its targets. A Chinese group called Hafnium is also attacking software infrastructure via Log4shell. Other groups have established a foothold in systems through this vulnerability and are now selling that access to ransomware operators.
Hackers try to use the computing power of their victims’ computers to secretly generate cryptocurrencies for themselves.
According to Microsoft, so-called mass scanning makes up the majority of Log4shell activity: attackers practically feel their way through the Internet looking for vulnerable devices. Botnets, armies of hijacked computers networked together by criminals, also use this technique. However, some of the scans measured may come from IT security experts who want to protect the devices rather than take them over.
As early as the weekend, hackers installed so-called miners on their victims' computers. The attackers want to use the victims' computing power to generate cryptocurrency for themselves. Windows and Linux systems are affected equally.
The Apache Software Foundation, which maintains Log4j, has released a security update to close the gap. Meanwhile, the US cyber security agency has set a deadline: federal agencies are to install the update by Christmas. However, the update originally provided by the Foundation did not fully protect systems. Log4j version 2.15.0 left an open hole that attackers could use to paralyze the program. The new update, 2.16.0, closes this gap. Anyone running servers on the network should download it (here).
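Because 2.15.0 is not enough, an administrator first needs to know which Log4j versions are actually on disk. The following Python script is an added example, not code from the article or from the Apache project: it walks a directory tree, reads each jar's manifest and flags log4j-core jars older than 2.16.0. It assumes that log4j-core's manifest carries an Implementation-Title of "Apache Log4j Core" and an Implementation-Version field, and it builds its own constructed sample jars so it runs offline.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED_VERSION = (2, 16, 0)  # the article's threshold: 2.15.0 left a hole, 2.16.0 closes it

def parse_version(text):
    # "2.15.0" -> (2, 15, 0); None if the string is not three dotted integers
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(x) for x in m.groups()) if m else None

def manifest_field(manifest, name):
    # First value of a "Name: value" line in a MANIFEST.MF (CRLF tolerant); "" if absent
    m = re.search(rf"^{name}:\s*(.+?)\s*$", manifest, re.MULTILINE)
    return m.group(1) if m else ""

def log4j_core_version(jar_path):
    # Version tuple if the manifest identifies the jar as log4j-core, else None
    # (assumption: log4j-core ships Implementation-Title "Apache Log4j Core")
    with zipfile.ZipFile(jar_path) as zf:
        if "META-INF/MANIFEST.MF" not in zf.namelist():
            return None
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    if manifest_field(manifest, "Implementation-Title") != "Apache Log4j Core":
        return None
    return parse_version(manifest_field(manifest, "Implementation-Version"))

def scan_tree(root):
    # Walk root recursively; return (path, version, needs_update) for every log4j-core jar
    findings = []
    for jar in Path(root).rglob("*.jar"):
        try:
            version = log4j_core_version(jar)
        except zipfile.BadZipFile:
            continue  # a .jar that is not a valid zip: skip it
        if version is not None:
            findings.append((str(jar), version, version < FIXED_VERSION))
    return findings

def make_sample_jar(path, version, title="Apache Log4j Core"):
    # Constructed test input: a jar holding only a manifest, not a real log4j build
    manifest = (f"Manifest-Version: 1.0\r\nImplementation-Title: {title}\r\n"
                f"Implementation-Version: {version}\r\n\r\n")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)

def build_sample_tree():
    # Constructed tree: one stale jar in a subfolder, one fixed jar, one unrelated jar
    root = Path(tempfile.mkdtemp())
    (root / "lib").mkdir()
    make_sample_jar(root / "lib" / "log4j-core-2.15.0.jar", "2.15.0")
    make_sample_jar(root / "log4j-core-2.16.0.jar", "2.16.0")
    make_sample_jar(root / "other-lib.jar", "9.9.9", title="Unrelated Library")
    return root
```

Jars nested inside other jars or WAR files are not unpacked, so a clean result here does not rule out a bundled copy of log4j-core.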