In recent days, alerts have multiplied about a newly discovered flaw in a tiny, seemingly harmless piece of sub-software used by hundreds of millions, or even billions, of websites around the world.
It is as if a tsunami had swept across the Internet. For some, this is "the most serious flaw in a decade"; for others, it is the most serious in "the history of the Internet." Computer security experts are scrambling to deal with a flaw that could affect hundreds of millions, or even billions, of websites and servers worldwide.
Even the Cybersecurity and Infrastructure Security Agency (CISA) rates it a level 10 threat, the highest alert level. "This is one of the most serious flaws I have seen since the beginning of my career, if not the most serious," admitted CISA Director Jennifer Easterly at a press conference on Monday, December 13. Almost all national IT security agencies have issued alerts, including France's ANSSI.
From Apple to NASA’s helicopter on Mars
The culprit behind this global panic is called Log4j. Philippe Rondel, a computer security researcher at Check Point, an international software vendor, contacted by France 24, explained that it is a small sub-software whose sole purpose is to "automatically record visits to the site." A harmless task, the expert added. In fact, "this is usually a small program, and people would never believe that it brings risks."
Except that, at the end of November, an employee of the Chinese giant Alibaba discreetly warned the Apache Foundation (which manages and distributes Log4j) that he had observed a vulnerability in Log4j. Then, on Friday, December 10, a computer security researcher disclosed a method of exploiting this flaw, named Log4Shell: the start of a runaway.
The digital world then began to grasp the potential extent of the damage. This sub-software is found in thousands of programs used to run millions of servers, and the developers of all these web tools sometimes do not even know whether their software depends on it.
A race has begun to understand how far the Internet is exposed to this new vulnerability. "It is estimated that about 30% of Internet sites use Log4j," concludes Philippe Rondel.
So far, it has been established that giants such as NASA, Twitter, Oracle and Apple use programs affected by the Log4j vulnerability. Because of this flaw, iCloud, Apple's online storage service, could therefore be hacked. In theory, Ingenuity, the small helicopter NASA sent to Mars, is also vulnerable, because some of the software used to communicate with it from Earth is based on Log4j, as the German daily Süddeutsche Zeitung points out.
</gl_replace>
<gr_replace lines="10-10" cat="clarify" orig="Perspective of the">
The prospect of a ransomware tsunami?
Perspective of the ransomware tsunami ?
Among hackers and cyber-spies, there is also a rush on the new vulnerability. "We observed 830,000 attempted attacks against Check Point customers in 72 hours," said Philippe Rondel. There are already more than 60 variants of the original Log4Shell method in circulation, a way for cybercriminals to try to stay one step ahead.
Philippe Rondel says the surge in attacks is partly because cybercriminals are "expecting a short window of opportunity." A patch for Log4j has been released and, in theory, can be applied wherever this sub-software is installed. In practice, according to the Check Point expert, it takes time, because finding all the programs and servers that use it is a long-term task.
Hackers are also rushing into this hole because it is easy to exploit and can cause huge damage. The vulnerability means that an attacker can trick Log4j, which believes it is merely updating its access logs, into performing any kind of task, including downloading viruses.
It allows cybercriminals to "execute malicious code on programs without authorization," Philippe Rondel explained, which makes it all the more tempting. Cybercriminals usually need a username and password before they can infiltrate a server and plant a virus there. That is not the case with Log4Shell.
The attacker can then do as they please with this vulnerability: install a simple destructive virus on the target server, opt for spyware, or take control of computers on the network.
So far, most cybercriminals have used Log4Shell to install malware on target computers and turn them into Bitcoin-mining machines. "This is one of the simplest uses," admitted Philippe Rondel.
But he fears that this first wave of attacks is only "the first tremor before the arrival of a larger attack tsunami." The risk, the French expert warned, is that some cybercriminals use this vulnerability to "be the first to get a foot in the door of a company's network, in order to deploy ransomware that will be activated in the coming weeks."
The discovery of this vulnerability also illustrates the fragility of certain components that are essential to the normal operation of the Internet. Log4j is in fact a small program distributed as free software. Its upkeep is ensured by a few volunteers who look after it in their spare time. In other words, the sub-software used by multinationals like Apple or Twitter is managed by a handful of people who are barely paid, by a few generous donors, for services and equipment that bring in billions of dollars in income. For Filippo Valsorda, a cryptography expert at Google, the Log4j flaw should lead to "making the maintenance of these open source programs a real paid profession, because part of the economy relies on it."