Even after the Log4j vulnerability has been fixed, hackers continue to target unpatched systems, said a new research Barracuda. Log4j vulnerability disrupted severs of major web tech giant such as Microsoft, Amazon, Apple, etc.
For the uninitiated, Log4j is a very common logging library used applications across the world. Logging lets developers see all the activity of an application. The vulnerability is serious because exploiting it could allow hackers to control java-based web servers and launch what are called ‘remote code execution’ (RCE) attacks. In simple words, the vulnerability could allow a hacker to take control of a system.
It should be noted soon after the vulnerability was identified, Apache released the fix releasing a new upgrade which it ‘recommended highly’ to all the users, and companies using its java based web servers. But it seems that several users are still not updated to the latest patch. Taking advantage of this, cybercriminals continue to target such systems.
According to the research, 83 per cent of the attacks were conducted from IP addresses in the US, with half of those IP addresses being associated with AWS, Azure and other data centres. Meanwhile, 10 per cent of the attacks were conducted from IP addresses in Japan, 3 per cent from Germany, 3 per cent from the Netherlands and 1 per cent from Russia.
The research notes that only scans and intrusions were carried from these IPs, however, cyber criminals delivered malicious files from other compromised websites once the attack got through.
“Log4j vulnerability has stormed the cyber world. The best way to protect against log4shell specifically is to upgrade to the latest version of log4j software so that vulnerabilities are patched in a timely manner. Due to the growing number of vulnerabilities found in web applications, it is getting progressively more complex to protect against attacks. However, all-in-one solutions are now available to protect web applications from being exploited due to these vulnerabilities. WAF/WAF-as-a-Service solutions, also known as Web Application and API Protection (WAAP) services, can help protect web applications providing all the latest security solutions in one easy-to-use product,” said Tushar Richabadas, Senior Product Marketing Manager, Applications and Cloud Security at Barracuda.