NEW DELHI:
A critical vulnerability called Log4Shell, detected last week in the widely used open-source logging software Apache Log4j, is now being exploited by attackers to target organizations all over the world, including India.
About 41% of corporate networks in India have already faced an attempted exploit, according to an analysis by cybersecurity firm Check Point Research.
The Australia-New Zealand (ANZ) area was the most impacted region with 46% of corporate networks facing an attempted exploit, while North America was the least impacted with 36.4% of organizations facing such an attempt, the security firm said.
“If you are using any Java product that needs logging in, it is quite possible you are using Log4j,” said Karan Saini, a Bengaluru-based security researcher. “There are a lot of Java-based products that are used in India,” he said.
Java is one of the most commonly used programming languages in the world.
However, Saini also said that Indian companies are not more vulnerable than their western counterparts because they use Java-based applications.
“Indian companies are at high risk because of their weak security posture, especially the smaller companies that may not have the know-how or resources to detect and fix the issue quickly,” he said.
Check Point Research said it had detected more than 846,000 attacks exploiting the Log4Shell vulnerability across the world in the 72 hours following the discovery.
About 46% of those attempted exploits were the handiwork of known malicious groups.
Lotem Finkelstein, director, threat intelligence and research for Check Point, called the involvement of known malicious groups “most worrying” and said this requires an immediate reaction from security teams or it can cause “incalculable damage”.
Log4Shell has been assigned a severity rating of 10 by security experts, the highest level possible.
The vulnerability can be exploited by using a single line of code and allows attackers to execute remote commands on a victim’s system.
It can be exploited by attackers to take control of any Java-based web server and carry out remote code execution (RCE) attacks. In an RCE attack, attackers take control over the targeted system and can perform any function they want.
The Log4j library is embedded in every Java-based web service or application and is used by a large number of companies to enable logging in applications, according to researchers at Check Point.
Almost all major names, including Amazon, Microsoft and Twitter, use it. The vulnerability was first detected on websites that were hosting servers of a Microsoft-owned game called Minecraft.
“On the face of it, this is aimed at crypto miners but we believe this creates just the sort of background noise that serious threat actors will try to exploit to attack a whole range of high-value targets such as banks, state security and critical infrastructure,” Finkelstein said.
The majority of attack attempts related to Log4Shell so far have been used for mass scanning by attackers to identify vulnerable websites and applications, security researchers at Microsoft pointed out in a blog post.
However, they have also detected some instances of exploitation and post-exploitation activities, including installing crypto mining software and installing Cobalt Strike malware for credential theft.
Microsoft also found that attackers are using obfuscation techniques to evade detection.