APAC businesses still battling U.S. Log4Shell attacks
Log4Shell attacks prove a continued and complex threat to APAC businesses, according to Barracuda. The company has found the injection bug is still leaving businesses in Asia-Pacific vulnerable to log injection attacks.
Log4Shell was first publicly disclosed in December 2021. It is a software vulnerability specifically targeting Log4j, a Java-based logging audit framework that is an Apache project. Log4j is an open source Java package used to support activity-logging in many popular Java applications.
The New Zealand CERT says, "Log4j has an unauthenticated RCE vulnerability if a user-controlled string is logged. This could allow the attacker full control of the affected server. Reports from online users show that this is being actively exploited in the wild, and that proof-of-concept code has been published."
While not all software written in Java is vulnerable, the affected package is widely used by developers across multiple organisations.
The vulnerability was given the highest severity rating possible when discovered, by the National Vulnerability Database, given the ease that malicious attackers can exploit it.
Since then, Barracuda researchers have been analysing the attacks and payloads detected and found the volume of attacks remains relatively constant and is unlikely to diminish any time soon. The company says the vulnerability allows a remote attacker to take control of a device on the internet if running specific versions of Log4j. Logging is a critical component of most applications and systems because it allows developers and system administrators to verify that software is working properly and identify more specific details when it is not.
The researchers also say they have made interesting insights into the location of the original attacks. The majority of attacks came from IP addresses in the U.S., and half of those were associated with AWS, Azure and other data centers. Attacks were also sent from Japan, Germany, Netherlands, and Russia.
"These were the IPs that performed scans and attempted intrusions. Actual payloads would have been delivered from other compromised websites or VPS hosts," says Barracuda senior product marketing manager, Applications and Cloud Security, Tushar Richabadas.
"Given the popularity of the software, the exploitability of the vulnerability and the payoff when a compromise happens, we expect to see this attack pattern continue, at least for the short term."
He says the best way to protect against Log4shell is to upgrade to the latest version of log4j. Maintaining up-to-date software and libraries helps ensure that vulnerabilities are patched. Given the growing number of vulnerabilities found in web applications, it is getting progressively more complex to protect against attacks.
However, Richabadas says all-in-one solutions are now available, including WAF/WAF-as-a-Service solutions, also known as Web Application and API Protection (WAAP) services, which can help protect web applications by providing all the latest security solutions.