The existence of the Log4j flaw will continue to haunt internet users for months if not years, according to cybersecurity experts. The Log4Shell exploit (CVE-2021-44228) will keep appearing because of its ease of exploitation and ubiquity.

Log4Shell to Exist For Months or Years 


The most recent attacks have pushed security analysts to protect systems from the Log4Shell flaw. Since it emerged last week, experts have not yet seen any improvement in mitigating its spread.

According to a report from Wired, the exploit's range of impact is very broad, yet it is simple to execute. All an attacker needs to do to trigger it is get a system to log a string of code.

After doing that, the attacker can inject malware in various ways: through email, log-ins, and more. Per Steve Povolny, McAfee Enterprise's head of advanced threat research, the Log4Shell exploit could now be on the same level as EternalBlue, Shellshock, and Heartbleed.

In an interview with ZDNet, Povolny said that hackers can now manipulate the bug and spread it to the crypto mining industry. In addition, they can also use it to collect money and confidential information from the victims.

What makes it a huge threat to the internet is its "wormable" impact: its ability to spread itself. Despite the presence of patches, the vulnerable component can yield multiple versions of it.

Povolny said that once organizations suffer from the attacks, they will immediately need a mitigation measure to keep the malware from spreading even further.

"We believe log4shell exploits will persist for months if not years to come, with a significant decrease over the next few days and weeks as patches are increasingly rolled out," Povolny stated.


Log4shell Evolution

The same report from ZDNet said that the Log4Shell vulnerability is continuously evolving as attackers use it for coin miner installations, according to Sean Gallagher, senior threat researcher at Sophos.

Gallagher said that the Log4j remote code execution flaw has been used to attack Amazon Web Services accounts. Most likely, the hackers utilized a ransomware key tool called "Cobalt Strike," which is used for remote network access.

Another expert from Sophos, Paul Ducklin, said that experts are currently searching for a potential solution to "bring this global vulnerability under control." He suggested that companies patch their systems right now.

Earlier, Log4Shell malware actors shut down thousands of government websites in Canada. Tech Times previously reported that about 4,000 pages were closed down to prevent the spread of the cyberattack.

What's Scary About Log4shell

Despite tight security and privacy tools, tech giants can acquire the malware at any time. Experts noted that the vulnerability is "scary" for a few reasons.

Primarily, the Log4Shell exploit is easy to control: the hacker can simply paste code into an app and wait until the results come out. Another reason why Log4j is dangerous is that it is hard to detect. Many software packages will have to be inspected before we know the core of the exploit.

Lastly, the Log4Shell vulnerability is difficult to contain because it has already infected third-party vendors. Having said that, the malware is everywhere and anyone could take hold of it.

Elsewhere, Kronos HR suffered a ransomware attack earlier this week. The management platform noted that it would shut down its service and that the shutdown could last for weeks.


This article is owned by Tech Times

Written by Joseph Henry 
