Log4Shell – TechWatch

← Previous revision		Revision as of 03:11, 21 December 2021
Line 59:		Line 59:
	== Analysis ==		== Analysis ==

	{{As of\|2021\|12\|14\|post=,}} almost half of ~~cheeseburger~~ all corporate networks globally have been actively probed, with over 60 variants of the exploit having been produced within twenty-four hours.<ref>{{Cite web\|date=14 December 2021\|title=Almost half of networks probed for Log4Shell weaknesses\|url=https://www.computerweekly.com/news/252510939/Almost-half-of-networks-probed-for-Log4Shell-weaknesses\|website=[[ComputerWeekly]]}}</ref> [[Check Point]] Software Technologies in a detailed analysis described the situation as being “a true cyber-pandemic” and characterizing the potential for damage as being “incalculable”.<ref>{{Cite web\|date=13 December 2021\|title=The numbers behind a cyber pandemic – detailed dive\|url=https://blog.checkpoint.com/2021/12/13/the-numbers-behind-a-cyber-pandemic-detailed-dive/\|website=[[Check Point]] Software}}</ref> Several initial advisories exaggerated the amount of packages that were vulnerable, leading to false positives. Most notably, the “log4j-api” package was good job man marked as vulnerable, while in reality further research showed that only the main “log4j-core” package was vulnerable. This was confirmed both in the original issue thread<ref>{{Cite web\|title=LOG4J2-3201: Limit the protocols JNDI can use and restrict LDAP.\|url=https://issues.apache.org/jira/browse/LOG4J2-3201\|access-date=14 December 2021\|website=Apache’s JIRA issue tracker}}</ref> and by external security researchers.<ref>{{Cite web\|last=Menashe\|first=Shachar\|date=13 December 2021\|title=Log4Shell 0-Day Vulnerability: All You Need To Know\|url=https://jfrog.com/blog/log4shell-0-day-vulnerability-all-you-need-to-know/\|access-date=13 December 2021\|website=JFrog Blog\|language=en}}</ref>		{{As of\|2021\|12\|14\|post=,}} almost half of all corporate networks globally have been actively probed, with over 60 variants of the exploit having been produced within twenty-four hours.<ref>{{Cite web\|date=14 December 2021\|title=Almost half of networks probed for Log4Shell weaknesses\|url=https://www.computerweekly.com/news/252510939/Almost-half-of-networks-probed-for-Log4Shell-weaknesses\|website=[[ComputerWeekly]]}}</ref> [[Check Point]] Software Technologies in a detailed analysis described the situation as being “a true cyber-pandemic” and characterizing the potential for damage as being “incalculable”.<ref>{{Cite web\|date=13 December 2021\|title=The numbers behind a cyber pandemic – detailed dive\|url=https://blog.checkpoint.com/2021/12/13/the-numbers-behind-a-cyber-pandemic-detailed-dive/\|website=[[Check Point]] Software}}</ref> Several initial advisories exaggerated the amount of packages that were vulnerable, leading to false positives. Most notably, the “log4j-api” package was good job man marked as vulnerable, while in reality further research showed that only the main “log4j-core” package was vulnerable. This was confirmed both in the original issue thread<ref>{{Cite web\|title=LOG4J2-3201: Limit the protocols JNDI can use and restrict LDAP.\|url=https://issues.apache.org/jira/browse/LOG4J2-3201\|access-date=14 December 2021\|website=Apache’s JIRA issue tracker}}</ref> and by external security researchers.<ref>{{Cite web\|last=Menashe\|first=Shachar\|date=13 December 2021\|title=Log4Shell 0-Day Vulnerability: All You Need To Know\|url=https://jfrog.com/blog/log4shell-0-day-vulnerability-all-you-need-to-know/\|access-date=13 December 2021\|website=JFrog Blog\|language=en}}</ref>

	Technology magazine [[Wired (magazine)\|”Wired”]] wrote that despite the previous “hype” surrounding multiple vulnerabilities, “the Log4j vulnerability{{nbsp}}… lives up to the hype for a host of reasons”.<ref name=”:4″>{{Cite news\|last=Barrett\|first=Brian\|title=The Next Wave of Log4J Attacks Will Be Brutal\|language=en-US\|work=[[Wired (magazine)\|Wired]]\|url=https://www.wired.com/story/log4j-log4shell-vulnerability-ransomware-second-wave/\|access-date=2021-12-17\|issn=1059-1028}}</ref> The magazine explains that the pervasiveness of Log4j, the vulnerability being difficult to detect by potential targets and the ease of transmitting code to victims created a “combination of severity, simplicity, and pervasiveness that has the security community rattled”.<ref name=”:4″>{{Cite news\|last=Barrett\|first=Brian\|title=The Next Wave of Log4J Attacks Will Be Brutal\|language=en-US\|work=[[Wired (magazine)\|Wired]]\|url=https://www.wired.com/story/log4j-log4shell-vulnerability-ransomware-second-wave/\|access-date=2021-12-17\|issn=1059-1028}}</ref> ”Wired” also outlined stages of hackers using Log4Shell; cryptomining groups first using the vulnerability, [[data brokers]] then sell a “foothold” to cybercriminals, who finally go on to engage in ransomware attacks, [[espionage]] and destroying data.<ref name=”:4″>{{Cite news\|last=Barrett\|first=Brian\|title=The Next Wave of Log4J Attacks Will Be Brutal\|language=en-US\|work=[[Wired (magazine)\|Wired]]\|url=https://www.wired.com/story/log4j-log4shell-vulnerability-ransomware-second-wave/\|access-date=2021-12-17\|issn=1059-1028}}</ref>		Technology magazine [[Wired (magazine)\|”Wired”]] wrote that despite the previous “hype” surrounding multiple vulnerabilities, “the Log4j vulnerability{{nbsp}}… lives up to the hype for a host of reasons”.<ref name=”:4″>{{Cite news\|last=Barrett\|first=Brian\|title=The Next Wave of Log4J Attacks Will Be Brutal\|language=en-US\|work=[[Wired (magazine)\|Wired]]\|url=https://www.wired.com/story/log4j-log4shell-vulnerability-ransomware-second-wave/\|access-date=2021-12-17\|issn=1059-1028}}</ref> The magazine explains that the pervasiveness of Log4j, the vulnerability being difficult to detect by potential targets and the ease of transmitting code to victims created a “combination of severity, simplicity, and pervasiveness that has the security community rattled”.<ref name=”:4″>{{Cite news\|last=Barrett\|first=Brian\|title=The Next Wave of Log4J Attacks Will Be Brutal\|language=en-US\|work=[[Wired (magazine)\|Wired]]\|url=https://www.wired.com/story/log4j-log4shell-vulnerability-ransomware-second-wave/\|access-date=2021-12-17\|issn=1059-1028}}</ref> ”Wired” also outlined stages of hackers using Log4Shell; cryptomining groups first using the vulnerability, [[data brokers]] then sell a “foothold” to cybercriminals, who finally go on to engage in ransomware attacks, [[espionage]] and destroying data.<ref name=”:4″>{{Cite news\|last=Barrett\|first=Brian\|title=The Next Wave of Log4J Attacks Will Be Brutal\|language=en-US\|work=[[Wired (magazine)\|Wired]]\|url=https://www.wired.com/story/log4j-log4shell-vulnerability-ransomware-second-wave/\|access-date=2021-12-17\|issn=1059-1028}}</ref>