Critical Log4Shell security flaw lets hackers compromise vulnerable servers
2021-12-13 18:14 by Daniela
A serious security vulnerability in a popular product from Apache has opened the floodgates for cybercriminals to try to attack susceptible servers. On Thursday, a flaw was revealed in Apache's Log4j 2, a utility used by millions of people to log requests for Java applications. Named Log4Shell, the vulnerability could allow attackers to take control of affected servers, a situation that has already prompted hackers to scan for unpatched systems on which they can remotely run malicious code.
"It's probably one of the most ubiquitous software components on the internet today," Tony Turner, VP of Security Solutions for the cyber-security company Fortress, told ABC News. Turner said the vulnerability impacts everything from gaming systems and consumer platforms to critical infrastructure and the Department of Defense.
"Why this is so important is it is trivial to exploit," Turner said. "Anyone can do this, like teenagers and kids are playing around with this [vulnerability] like it's a game."
Most of the attacks focus on cryptocurrency mining done on victims' dimes, as seen by Sophos, Microsoft and other security firms. However, attackers are actively trying to install far more dangerous malware on vulnerable systems as well.
Beyond coin miners, Microsoft researchers have also seen installations of Cobalt Strike, which attackers can use to steal passwords, creep further into compromised networks with lateral movement and exfiltrate data.
Basically any device that's exposed to the internet is at risk if it's running Apache Log4j versions 2.0 to 2.14.1. NCSC notes that Log4j version 2 (Log4j2), the affected version, is included in the Apache Struts2, Solr, Druid, Flink, and Swift frameworks.