Log4j. Pt.3. Log4j. The Hack That Keeps On Hacking
What is happening right now can only be described as a World War in
cyberspace, and the preferred WMD is Log4j.
China is being hit with a massive ransomware attack.
The Iranians are working hard to penetrate Israeli computer
systems.
Russian hackers have unleashed the Conti ransomware on the entire
planet.
Another strain of ransomware, TellYouThePass, that had been
considered dormant, has again been let loose on the entire globe, thanks to
Log4j.
The banking-credential-stealing Dridex malware is rapidly
spreading globally — except with certain modifications.
Threat actors now exploit the critical Apache Log4j
vulnerability named Log4Shell to infect vulnerable devices with the
notorious Dridex banking trojan or Meterpreter.
The Dridex
malware is a banking trojan originally developed to steal online banking
credentials from victims. However, over time, the malware has evolved to
be a loader that downloads various modules that can be used to perform
different malicious behavior, such as installing additional payloads,
spreading to other devices, taking screenshots, and more.
Besides the sheer stupidity of using
known-vulnerable open source software in any kind
of networked application, corporations still do not take seriously that
their refusal to incorporate IT security best practices into their
digital ecosystems (to use a current cliché) is a major part of the
overall problem.
A pentest study recently demonstrated that 93% of corporate
networks scanned for vulnerabilities were easily penetrated, and thus
open to compromise. Malware mitigation must become
cheaper than the malware itself. Stop insuring this negligence.
And more vulnerabilities in the Log4j library continue to be
discovered.
There is some debate among the digerati over whether Log4j has been made
"wormable." Worms are very very very bad. They
self-propagate across the network.
The very serious
impacts of Log4j will continue to wreak havoc across the globe for some
time to come.
"Google found more than 35,000 Java packages in the Maven
Central repository that are impacted by flaws in the Apache Log4j
library."
Is Log4j the straw that finally
breaks the back of that camel we call the Internet? Will Covid
so reduce the human population on Earth that, by evolutionary processes, it
alleviates so many of our global problems? Maybe. Or maybe we
humans will simply continue to muddle through until the delicate systems
that support both our biological lives and our technological lives
simply collapse from exhaustion.
Whenever one of these global
cyberattacks occurs and affects real people in their real lives, I am
reminded of the stupidest thing anyone has ever said to me concerning
malware. This statement preceded the term malware; we still simply
called them computer viruses. This was the early 2000s. The
person's computer appeared infected to me, as did at least 50% of the
computers at that time. The client made a reference to "My
Viruses". Well, these viruses are no longer mine. Malware
now belongs to everybody.
This is the way the world ends
Not with a bang but a whimper.
—
T. S. Eliot
¯\_(ツ)_/¯
Gerald Reiff