Hackers, including China's state-backed groups, have carried out more than 1.2 million attacks on companies globally since last Friday, according to researchers, exploiting a flaw previously unnoticed in widely used open source software called Log4J.
Cybersecurity firm Check Point said attacks related to the vulnerability have accelerated since Friday, and at one point its researchers saw more than 100 attacks per minute.
According to Charles Carmakal, chief technology officer of cyber company Mandiant, the perpetrators include “those who attack the Chinese government”.
The vulnerability in Log4J allows an attacker to easily gain remote control of a computer running an application written in Java, a popular programming language.
According to US media reports, hundreds of millions of devices could be affected, she said.
Check Point said that in many cases, hackers have taken control of computers to use them to mine cryptocurrencies or to make them part of a botnet, a vast network of computers that can be used to flood websites with traffic, send spam or carry out other illegal activities.
Both CISA and the UK's National Cyber Security Centre have now issued warnings urging organizations to apply the updates that fix the Log4J vulnerability, as experts try to assess the consequences. Amazon, Apple, IBM, Microsoft and Cisco are among the companies that have rushed to issue fixes, but no serious breaches have been publicly reported to date.
The vulnerability is the latest to hit corporate networks, following vulnerabilities last year in popular software from Microsoft and from the IT company SolarWinds. Those two weaknesses were exploited by state-backed espionage groups from China and Russia, respectively.
Mandiant's Carmakal says that Chinese state-backed actors are also trying to exploit the Log4J bug, but declined to share more details. Researchers at SentinelOne have also told the media that they have observed Chinese hackers taking advantage of the vulnerability.
According to Check Point, almost half of the attacks were carried out by known cyber attackers. These include groups using Tsunami and Mirai, malware that turns devices into botnets, networks used to launch remotely controlled attacks such as denial of service attacks. They also include groups using XMRig, software that mines the hard-to-track digital currency Monero.
"With this vulnerability, attackers have virtually limitless power: they can extract sensitive data, upload files to servers, delete data, install ransomware or pivot to other servers," said Nicholas Sciberras, head of engineering for the Acunetix vulnerability scanner. It is "incredibly easy" to deploy an attack, he said, adding that it will be "exploited for months to come".
The source of the vulnerability was faulty code developed by unpaid volunteers at the nonprofit Apache Software Foundation, which runs many open source projects, raising questions about the security of critical parts of the IT infrastructure. Log4J has been downloaded millions of times.
Experts say the vulnerability has been present since 2013. Matthew Prince, chief executive officer of the networking group Cloudflare, said it began to be actively exploited on December 1, although there was no "evidence of mass exploitation until after public announcement" from Apache the following week.