Jan 03 · 3 min read
On December 9th, the Log4Shell vulnerability (CVE-2021-44228) was published in a GitHub repository and made public. Soon after, a wave of cyberattacks began with mass scanning of the internet for vulnerable servers; once a vulnerable server was found, attackers attempted to exploit the vulnerability by injecting malicious code and launching further attacks.
A lot has already been published and discussed on the Log4Shell vulnerability, so I won’t go over the details of what happened. Instead, this short blog will focus on the cyberattacks that targeted the Log4j vulnerability and what you need to do to reduce the risk and damage from such future attacks.
The Log4Shell vulnerability is a good example of the way attackers can exploit vulnerabilities in popular OS packages, and of the massive impact such a vulnerability can have. Attackers are constantly scanning the internet for vulnerabilities and misconfigurations to use as new attack paths. Once a vulnerability is discovered, attackers move quickly and take advantage of the time window until it is patched.
Attacks against vulnerable packages and poisoning of popular open-source packages had the highest growth (6x) in 2021 compared to all other software supply chain attack vectors.
Attackers understood the potential of exploiting the software development process to launch software supply chain attacks, and we can expect to see this trend continue in 2022.
As published on Bleeping Computer on December 29, 2021, one of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyberattack on its payment system, which was running a vulnerable Log4j version. The attackers exploited the Log4Shell vulnerability on an ONUS Cyclos server as an entry point and planted backdoors that gave them access to databases containing nearly 2 million customer records, including personal information, financial records, and passwords.
Following the attack, the attackers approached ONUS with a ransom request of $5 million and threatened to publish customer data should ONUS refuse to pay.
On December 25th, after failing to get the requested amount from ONUS, the attackers put up the customer data for sale on a data breach marketplace.
Software companies need to adopt the five steps below to improve their application security posture and reduce open-source risks and damage.
Software supply chain security lets you limit your exposure to vulnerable open-source packages, reducing the risk and potential damage of attacks that leverage them. Until now, many people assumed that this is extremely difficult and that such attacks are inevitable if you use open source, but this is no longer true. With modern, purpose-built supply chain security it is not only doable but even easy. These solutions provide the visibility and security enforcement needed to discover threats, react in real time, and prevent them.
Argon's software supply chain security solution enforces a strong security posture over your development process and lets you automate the five-step process above for reducing open-source risks, by providing holistic visibility, real-time insights and alerts, and the security guardrails needed to minimize your exposure.