Apache Log4j: a "layer" of protection is not enough

Edited by LineaEDP, 16/12/2021. For Check Point Research, Apache Log4j could be the warning of a hacker attack against a series of high-value targets.

On December 9, a vulnerability was reported in Apache Log4j, the most popular Java library, embedded in nearly every Internet service or application we know of, including Twitter, Amazon, Microsoft, Minecraft and others. Exploiting this vulnerability is simple and allows attackers to take control of Java-based web servers and remotely execute malicious code. Currently, most attacks focus on crypto mining at the victims' expense; however, more advanced attackers could act aggressively against high-level targets.

Since last Friday, Check Point Research (CPR) has witnessed what appears to be a rapid evolution of the exploit, with new variations of the original being introduced quickly: over 60 in less than 24 hours. The possibilities seem almost limitless. For example, it can be used over both HTTP and HTTPS (the encrypted version of web browsing). The number of ways to exploit it gives the attacker many alternatives for circumventing protections that have just been implemented. This means that one "layer" of protection is not enough; only a multi-layered security architecture provides resilient protection.

As noted in an official statement by Lotem Finkelstein, Director of Threat Intelligence and Research at Check Point Software Technologies: “We can only confirm the seriousness of this threat. On the surface, the vulnerability in Apache Log4j is aimed at cryptominers, but we believe this is a warning of a hacker attack against a number of high-value targets such as banks, state security and critical infrastructure. We began rolling out our security on Friday, and by Sunday we had already prevented over 400,000 attempts to exploit the vulnerability on over a third of all corporate networks globally. Most worrying is the fact that nearly half of those attempts came from known criminal groups. Security teams need to act with the utmost urgency because the damage that could occur is incalculable.

“The need for a quick response is also due to the fact that this was discovered at the end of the working week, ahead of the holidays, when security teams may be slower to implement protective measures. For several months, we at Check Point Software have been sounding the alarm about a 'cyber pandemic', and this is exactly what we mean. It is highly contagious and spreads rapidly, so constant monitoring and a solid prevention strategy are essential.”

To date, Check Point Software has prevented more than 845,000 attempts to exploit the vulnerability, and over 46% of these attempts have been made by well-known hacking groups. Additionally, exploitation attempts have been observed on more than 40% of corporate networks globally.