The Log4J threat will disrupt the internet for years to come


A vulnerability in the open source Apache logging library Log4j sent system administrators and security experts scrambling over the weekend. Known as Log4Shell, the flaw exposes some of the world's best-known software and services to attack, and the picture has not improved since the vulnerability surfaced Thursday. If anything, it is now clear that Log4Shell will continue to wreak havoc across the internet for years to come.

Attackers have been exploiting the bug since the beginning of the month, according to researchers from Cisco and Cloudflare. But attacks grew sharply following Apache's disclosure on Thursday. So far, attackers have used the flaw to install cryptominers on vulnerable machines, steal system information, hide inside compromised networks, and steal data, according to a recent report from Microsoft.

The consequences are so severe because of the nature of the vulnerability itself. Developers use logging to keep track of what happens in a given program. To exploit Log4Shell, an attacker only needs to get the system to log a specially crafted string. From there they can load arbitrary code on the targeted server and install malware or launch other attacks. Notably, hackers can introduce the string in seemingly innocuous ways, such as sending it in an email or setting it as a login name.

Major tech players, including Amazon Web Services, Microsoft, Cisco, Google Cloud, and IBM, have all found that some of their products were vulnerable and have been rushing to issue fixes and advise customers on how to proceed. The actual extent of the exposure is still coming into view, however. Small or medium-sized organizations that may lack resources and awareness will be slower to respond to the Log4Shell threat.

“The fact is that for many years people have been finding a long way to go to new programs at risk when they think of new sites to use,” says independent security researcher Chris Frohoff. “This will probably be reflected in the monitoring and evaluation of long-term enterprise applications.”

The vulnerability is already being exploited by “growing threats,” U.S. Cybersecurity and Infrastructure Security Agency director Jen Easterly said in a statement Friday. She also said the flaw was “one of the biggest I’ve ever seen in my entire career, if not more serious” in a phone call with security personnel on Monday, as first reported by CyberScoop. At the same time, an official at CISA said hundreds of millions of devices could be affected.

The hard part will be tracking it all down. Most organizations do not have a comprehensive inventory of all the software they use and the software components within each system. The UK's National Cyber Security Centre emphasized Monday that businesses should “discover the anonymity of Log4j” in addition to patching the usual suspects. By its very nature, open source software can be incorporated wherever developers want, meaning that when a major vulnerability arises, the exposed code can be lurking in any corner. Even before Log4Shell, software supply chain security advocates had pushed for “software bills of materials,” or SBOMs, to make it easier to take inventory and keep track of security.
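An added example, not part of the original article: one way an inventory sweep can find copies of Log4j buried inside nested Java archives, assuming that the presence of log4j-core's `JndiLookup` class marks a bundled copy. The archive names and sample contents are constructed for illustration.

```python
import io
import zipfile

# Class whose presence marks a bundled copy of log4j-core (the JNDI lookup code).
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 8  # guard against pathological nesting


def scan_archive(data, label, depth=0):
    """Return the path ('outer.war!/inner.jar') of every archive holding MARKER."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive: skip rather than abort the sweep
    with zf:
        for name in zf.namelist():
            if name == MARKER:
                hits.append(label)
            elif name.lower().endswith(ARCHIVE_EXTS) and depth < MAX_DEPTH:
                # Recurse into archives packed inside this one (fat JARs, WARs).
                hits += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return hits


def _zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample():
    """Constructed sample: a WAR with log4j-core two levels down in a fat JAR."""
    log4j_core = _zip({MARKER: b"\xca\xfe\xba\xbe"})
    fat_jar = _zip({"BOOT-INF/lib/log4j-core-2.x.jar": log4j_core,
                    "com/example/App.class": b"\xca\xfe\xba\xbe"})
    clean_jar = _zip({"com/example/Util.class": b"\xca\xfe\xba\xbe"})
    return _zip({"WEB-INF/lib/service.jar": fat_jar,
                 "WEB-INF/lib/util.jar": clean_jar,
                 "WEB-INF/lib/broken.jar": b"not a zip"})


if __name__ == "__main__":
    for hit in scan_archive(build_sample(), "app.war"):
        print("log4j-core found in", hit)
```

A copy whose packages were renamed by a shading tool will not match the marker path, so a clean result from this sweep is not proof of absence.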




