Technology

A LogJam on the Information Highway


Reports of major cyberattacks make the evening (and online) news all too often. Identity theft in the millions, ransomware demanding millions, millions of people left without electricity due to an attack on the grid. Where do these attacks come from? And how?

The usual suspect is a previously unknown fault or vulnerability in a widely used program. The SolarWinds attack, disclosed in December 2020, is a case in point of a related threat: a digital supply-chain attack, in which attackers insert malicious code into trusted third-party software and thereby reach potentially every customer of the compromised vendor. It remains one of the most sophisticated cyberattacks on record.

SolarWinds, based in Austin, Texas, provides large-scale information technology infrastructure management software and services to businesses and government agencies with more than 320,000 customers in 190 countries, including 499 of the Fortune 500. The SolarWinds attack affected federal agencies, the federal courts, numerous private-sector companies, and state and local governments across the country. Government agencies confirmed to be affected by the attack include: the Depts. of Commerce, Defense, Energy, Homeland Security, Justice, Labor, State, and Treasury, as well as the National Institutes of Health. 

Hackers had inserted malicious code into an update for SolarWinds' Orion network management platform. Customers who routinely applied Orion updates unknowingly installed the backdoor on their systems. Once inside, the attackers could choose which environments to pursue, move laterally through networks, and conduct their operations undetected for months.

Cybersecurity agencies and companies constantly monitor the "Dark Net," a term for the underbelly of the Internet where anything goes and everything has a price, for leads to newly discovered vulnerabilities in third-party software exposed to the World Wide Web. Not every flaw surfaces that way, though. In December 2021 the Apache Software Foundation disclosed a critical vulnerability in its Log4j Java-based logging library, which had been reported to it privately by a security researcher at Alibaba Cloud, and a second, less severe flaw in the same code a few days later.

The first vulnerability, CVE-2021-44228, also known as Log4Shell or LogJam (not to be confused with the 2015 "Logjam" attack on TLS Diffie-Hellman key exchange), is an unauthenticated RCE (remote code execution) vulnerability. By abusing the way the library interprets lookup patterns inside logged messages, an attacker can make the application fetch and run code from a server the attacker controls, which can lead to a complete system takeover. Because of its severity and the ease of exploitation, it received the highest possible CVSS (Common Vulnerability Scoring System) score of 10.

The second vulnerability, CVE-2021-45046, was found shortly after the first patch shipped, because that patch was incomplete. It was initially rated 3.7 out of 10 on the CVSS as a denial of service, and later raised to 9.0 when researchers showed it could also lead to code execution in certain non-default configurations. Patches were quickly released to address both vulnerabilities.

If the problem has been patched, why worry? Log4j is one of the most widely used Java logging libraries and is embedded in a huge range of applications, services, and websites, including products from Apple, Amazon, and Twitter and Microsoft's Minecraft game. Its flexible logging makes it useful across almost any type of infrastructure or application, which also means it turns up in places operators do not expect.

Worse, exploiting the flaw takes nothing more than a line of malicious text. An attacker sends a string containing a JNDI lookup pattern that points at a server the attacker controls, in any field the application might log: a username, a User-Agent header, a chat message. When Log4j writes the message, it resolves the lookup, connects to the attacker's server, and can load and execute the Java class it returns. From that point the attacker can run arbitrary code and take possession of the entire system, including encrypting files and holding them for ransom.

To illustrate how easy the flaw is to trigger, Wired magazine reported that some Twitter users were changing their display names to lookup strings that would fire if a vulnerable service logged them. Screenshots from the game Minecraft likewise showed players triggering the flaw from the game's chat function, because chat messages were being logged.

And exploitation didn't take long to begin. As soon as a PoC (proof of concept) exploit was published on GitHub, attackers began scanning the internet for vulnerable assets. Several national cybersecurity agencies issued warnings about the Log4j vulnerability, and there was clear evidence of attackers building targeted campaigns around it. For instance, variants of Mirai, a botnet that recruits IoT connected devices, were seen exploiting the flaw within days.

As a result, companies have been patching rapidly, but, as is common, it takes time, talent, and determination to find and patch every copy of a library. Tens of thousands of programs remain unpatched.

It's important to recognize that CVE-2021-44228 affects Log4j 2 from version 2.0-beta9 through 2.14.1 (the old 1.x line does not use the same lookup code, though it is unsupported and has issues of its own). Apache's first fix was Log4j 2.15.0, but that release turned out to be incomplete: 2.16.0 disabled JNDI and removed message lookups by default, and the 2.17.x releases closed further holes found in the same lookup code, so the advice is to install the latest 2.x release rather than stop at 2.15.0. The potential scope remains critical: any application running an affected version that logs input an attacker can influence is at risk, whether that input arrives over the internet or from an internal system.

In addition, exploiting the vulnerability is straightforward. By sending a malicious string that then gets logged by the application, an attacker triggers Log4j's JNDI lookup feature, which was designed to pull configuration values from naming and directory services such as LDAP and can be pointed at a server the attacker controls.

As noted above, the second vulnerability, CVE-2021-45046, stemmed from the incomplete initial patch. Applications using a non-default pattern layout that includes a Thread Context lookup (for example, ${ctx:loginId}) could still be fed a crafted JNDI lookup pattern by anyone who controls that context value, resulting in a denial of service (DoS) and, in some configurations, remote code execution.

According to Lookout, a cybersecurity firm, there are several key actions users need to take, and many have still not taken them. The first is to update every server, application, or resource that uses Log4j to the latest patched release immediately; current releases cover both the follow-on DoS vulnerability and the original RCE vulnerability.
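Before anyone can update "every server, application, or resource that uses Log4j," they have to find those copies, and the version ranges above are what each one is judged against. The Python script below, an added example and not code from the article, Lookout, or Apache, walks a directory tree, reads the version of every log4j-core jar it finds, and classifies each against the fix releases: the 2.15.0 and 2.16.0 thresholds for the two CVEs discussed in the article, plus 2.17.0 and 2.17.1 for two later CVEs in the same lookup code that the article does not cover. It also records whether JndiLookup.class has been deleted from the jar, which was Apache's documented stop-gap for 2.x installs that could not be upgraded immediately. The four sample installs it builds are constructed stand-ins (a manifest plus placeholder entries), not real Log4j artifacts, and the app1..app4 paths are assumptions for the demonstration.

```python
"""Inventory log4j-core jars on disk and classify each against the Log4j 2.x
fix releases. Added example for this article; not code from Connected World,
Lookout or Apache. The jars built by demo() are constructed stand-ins.
"""
import os
import re
import tempfile
import zipfile

# First release on the main 2.x line that fixed each CVE. The first two are the
# CVEs the article discusses; the last two are later follow-ups in the same
# lookup code, included so the check is not already stale.
FIXES = [
    ("CVE-2021-44228", (2, 15, 0)),  # Log4Shell, JNDI lookup RCE
    ("CVE-2021-45046", (2, 16, 0)),  # incomplete 2.15.0 fix; DoS, later re-rated critical
    ("CVE-2021-45105", (2, 17, 0)),  # uncontrolled recursion in lookups, DoS
    ("CVE-2021-44832", (2, 17, 1)),  # JDBC appender JNDI, requires a hostile config
]
# Apache's documented 2.x workaround was to delete this class from the jar.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); None if no x.y.z is present."""
    m = _VERSION.search(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def jar_version(zf, path):
    """Prefer Implementation-Version from the manifest; fall back to the file
    name (log4j-core-2.14.1.jar), which is wrong if the jar was renamed."""
    try:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        manifest = ""
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return parse_version(line.split(":", 1)[1])
    return parse_version(os.path.basename(path))


def assess(path):
    """Classify one jar: version, whether JndiLookup is still present, and
    which of the listed CVEs still apply."""
    with zipfile.ZipFile(path) as zf:
        version = jar_version(zf, path)
        jndi_present = JNDI_CLASS in zf.namelist()
    result = {"jar": path, "version": version, "jndi_lookup_class": jndi_present,
              "affected": [], "note": ""}
    if version is None:
        result["note"] = "version unknown; inspect manually"
    elif version[:2] in ((2, 3), (2, 12)):
        # The Java 6/7 backport lines (2.3.x, 2.12.x) got their own fix
        # releases; compare those against the Apache advisory, not FIXES.
        result["note"] = "backport line; check the Apache advisory's backport versions"
    else:
        for cve, fixed_in in FIXES:
            if version >= fixed_in:
                continue
            if not jndi_present and cve in ("CVE-2021-44228", "CVE-2021-45046"):
                continue  # deleting JndiLookup.class closes the JNDI path for these two
            result["affected"].append(cve)
    return result


def inventory(root):
    """Walk root and assess every log4j-core*.jar. Does not look inside fat,
    shaded or WAR archives; a production scanner must recurse into those."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("log4j-core") and name.endswith(".jar"):
                findings.append(assess(os.path.join(dirpath, name)))
    return sorted(findings, key=lambda r: r["jar"])


def _write_stub_jar(path, version, keep_jndi=True):
    """Constructed stand-in for a log4j-core jar: manifest plus placeholder entries."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"placeholder")
        if keep_jndi:
            zf.writestr(JNDI_CLASS, b"placeholder")


def demo():
    """Build four sample installs in a temp dir and return findings keyed by app."""
    root = tempfile.mkdtemp(prefix="log4j-inventory-")
    _write_stub_jar(os.path.join(root, "app1", "lib", "log4j-core-2.14.1.jar"), "2.14.1")
    _write_stub_jar(os.path.join(root, "app2", "lib", "log4j-core-2.14.1.jar"), "2.14.1", keep_jndi=False)
    _write_stub_jar(os.path.join(root, "app3", "lib", "log4j-core-2.15.0.jar"), "2.15.0")
    _write_stub_jar(os.path.join(root, "app4", "lib", "log4j-core-2.17.1.jar"), "2.17.1")
    return {os.path.relpath(r["jar"], root).split(os.sep)[0]: r for r in inventory(root)}


if __name__ == "__main__":
    for app, r in demo().items():
        status = ", ".join(r["affected"]) or r["note"] or "not affected by the listed CVEs"
        print(f"{app}: version={r['version']} JndiLookup={r['jndi_lookup_class']} -> {status}")
```

Against a real host, call inventory() on the application root instead of demo(). The output for the sample tree makes the article's point concrete: the 2.14.1 install with JndiLookup removed is no longer exposed to the two JNDI CVEs but still needs the 2.17.x upgrade, and the 2.15.0 install that stopped at the first patch is still affected by the follow-on flaws.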

To limit the possibility of data exfiltration, organizations should restrict access to their apps running on IaaS (Infrastructure-as-a-Service) and in on-premises data centers by implementing user-to-app segmentation, so that a compromised host cannot freely reach other applications and each user reaches only the apps they need.

Organizations should also adopt defense-in-depth by closely monitoring both user and app behavior. By flagging behavior indicative of an exploit, such as an anomalous login location, unexpected outbound LDAP or RMI connections from a server that should only answer requests, or unusual file download volume, you can detect and respond to malicious activity across cloud and on-prem infrastructure as well as endpoint devices.

© 2022 Connected World.
