Log4Shell could be leaving businesses in Asia-Pacific vulnerable to log injection attacks, according to Barracuda.
First publicly disclosed in December 2021, Log4Shell is a software vulnerability specifically targeting Log4j, a Java-based logging audit framework which is an Apache project. Log4j is an open-source Java package used to support activity-logging in many popular Java applications. While not all software written in Java is vulnerable, the affected package is widely used by developers across multiple organisations.
Upon its discovery, the Log4Shell vulnerability was given the highest severity rating possible by the National Vulnerability Database, due to the ease with which malicious attackers can exploit it.
Since then, Barracuda researchers have been analysing the attacks and payloads detected, and found that the volume of attacks remains relatively constant and is unlikely to diminish anytime soon. The vulnerability enables a remote attacker to take control of a device on the internet if the device is running certain versions of Log4j. Logging is a critical component of most applications and systems because it allows developers and system administrators to verify that software is working properly and identify more specific details when it is not.
Researchers also uncovered interesting insights into where the attacks originated. The majority of attacks came from IP addresses in the U.S., with half of those IP addresses being associated with AWS, Azure and other data centres.
Attacks were also sent from Japan, Germany, Netherlands, and Russia. These were the IPs that performed scans and attempted intrusions. Actual payloads would have been delivered from other compromised websites or VPS hosts.
“Given the popularity of the software, the exploitability of the vulnerability and the payoff when a compromise happens, we expect to see this attack pattern continue, at least for the short-term,” said Tushar Richabadas, Senior Product Marketing Manager, Applications and Cloud Security, Barracuda.
“The best way to protect against Log4shell specifically is to upgrade to the latest version of log4j. Maintaining up-to-date software and libraries helps ensure that vulnerabilities are patched in a timely manner. Due to the growing number of vulnerabilities found in web applications, it is getting progressively more complex to protect against attacks. However, all-in-one solutions are now available, including WAF/WAF-as-a-Service solutions, also known as Web Application and API Protection (WAAP) services, which can help protect your web applications by providing all the latest security solutions in one easy-to-use product.”
