The cyber threat Apache Log4j is far from over, as cybersecurity experts found a second vulnerability in the system. As it looks, many malicious actors continue to exploit the Apache Log4j vulnerability.
Log4j Exploit: Full Details of the Cyber Attack
According to earlier reports, Log4j is a threat that ranks 10 out of 10 on the severity scale. It is a malware that corrupts the foundation of many software and websites running on the internet.
Lotem Finkelstein, director of threat intelligence and research for Check Point, told ZDNet that "I cannot overstate the seriousness of this threat. On the face of it, this is aimed at cryptominers but... threat actors will try to exploit (Log4j) in order to attack a whole range of high-value targets such as banks, state security and critical infrastructure."
Experts clarified that attackers use this exploit to hack physical servers, virtual servers, IP cameras, manufacturing devices and even attendance systems. Researchers also released a map image showing the countries affected by Log4j exploitation, with the highest number of cases concentrated on the U.S., U.K., Germany and Netherlands.
For reference, the Dutch National Cyber Security Center released a list of software affected by the vulnerability, which includes:
- Adobe
- Apache
- BMC Software
- Dell
- IBM
- Micro Focus
- Unify
Cybersecurity experts in these companies are working to repair their systems, and some might have already installed a few countermeasures. Regardless, users are advised to be careful when surfing through the internet, especially in the incoming days.
Cybersecurity Warning: Apache Log4j Vulnerability
However, as previously indicated, experts just discovered a second vulnerability on Tuesday. They call this new vulnerability as CVE 2021-45046.
According to the Common Vulnerabilities and Exposure (CVE) website, hackers use this newly discovered vulnerability to "input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack." This means threat actors would overload a targeted server, often rendering the system invalid.
By extension, malicious actors could also input codes to remotely access the database. Once they could get full control, they would data mine all the personal information, login credentials and other information stored on an infected device.
Although experts have already released an Apache Log4j 2.15.0 fix against CVE-2021-44228, CVE warned that it is "incomplete in certain non-default configurations" against the new threat. This implies that although some might have downloaded the security fix, they are not safe from the second strain.
This prompted John Bambenek, a principal threat hunter at Netenrich, to conclude that "at least a dozen groups are using these vulnerabilities, so immediate action should be taken to either patch, remove JNDI or take it out of the classpath (preferably all of the above)," per ZDNet.
He suggested that affected websites should disable their JNDI functionality entirely. The situation is still progressing, and it's hard to determine how many affected websites followed this security protocol. More updates on the issue might be revealed later this week.
Related Article: Cybersecurity Warning: Zero-Day Vulnerability in Apache Log4j Discovered in Minecraft, Other Apps