Log4j Targeted Cyberattacks: Reducing Open-Source Risks

Eran Orzel
Jan 03 · 3 min read

On December 9th, the Log4Shell vulnerability (CVE-2021-44228) was published in a GitHub repository and made public. Soon after started a wave of cyberattacks that began with mass-scanning of the internet for vulnerable servers and, once found, attackers’ attempts to exploit the vulnerability by injecting malicious code and launching attacks. 

A lot has already been published and discussed on the Log4Shell vulnerability, so I won’t go over the details of what happened. Instead, this short blog will focus on the cyberattacks that targeted the Log4j vulnerability and what you need to do to reduce the risk and damage from such future attacks.

Log4j attacks aftermath and lessons learned

The Log4Shell vulnerability is a good example of the way attackers can exploit vulnerabilities in popular OS packages and the massive impact that such a vulnerability can have. Attackers are constantly scanning the internet looking to leverage vulnerabilities and misconfigurations to use for new attack paths. Once detected, the attackers move quickly and take advantage of the time window until the vulnerability is patched.

Attacks against vulnerable packages or popular open-source packages poisoning had the highest growth (X6) in 2021 compared to all other software supply chain attack vectors.

2021 State of the Software Supply Chain Report, by Sonatype

Attackers understood the potential of exploiting the software development process to launch software supply chain attacks and will we can expect to see this trend continue in 2022.

The ONUS cyberattack example – Fintech firm hit by Log4j hack and $5M ransom

As published on Bleeping Computer on December 29, 2021, one of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber-attack on its payment system running a vulnerable Log4j version. The attackers exploited the Log4Shell vulnerability on a Cyclos server of ONUS as an entry point and planted backdoors that provided them with access to databases contained nearly 2 million customer records including personal information, financial records, and passwords.

Following the attack, the attackers approached ONUS with a ransom request of $5 million and threatened to publish customer data should ONUS refuse to pay.

On December 25th, after failing to get the requested amount from ONUS, the attackers put up the customer data for sale on a data breach marketplace.

Five Step to Reduce Open-Source risks

Software companies need to adopt the below 5 steps to improve their application security posture and reduce open-source risks and damage.

  1. Visibility: Deploy a software supply chain security solution that provide continuous, real-time visibility to the security and quality of your code and open-source packages.
  2. Prevention: Apply a screening gate or security process to alert on risky packages and to prevent the use of vulnerable packages in new projects moving forward.
  3. Remediation: Execute a plan, with the development organization, to review and upgrade (if possible) existing open-source packages with high-risk to a safe version.
  4. Risk Monitoring: Continue to monitor external security advisories and alerts regarding your open-source packages for early discovery of new vulnerabilities.
  5. Incident Response: Set up a response procedure for the security and Dev teams to follow up in case when a new vulnerability is discovered.

It’s Time to Strengthen Your Code Security and Quality

Software supply chain security enables you to limit your exposure to vulnerable open-source packages, reducing the risks and potential damage of attacks that leverage them. Until now many people assumed that this is extremely difficult, and that such attacks are inevitable if you’re using open-source, but this is not true anymore. With modern, purpose-built supply chain security it’s not only doable, but even easy. These types of solutions will provide you with the visibility and security enforcement needed to enable you to discover and react in real time and prevent such threats.

Argon’s software supply chain security solution enforces strong security posture over your development process and enables you to automate the five steps process to reduce open-source risks above, by providing you with holistic visibility, real time insights and alerts, and the needed security guardrails to minimize your exposure.

Eran Orzel
Jan 03 · 3 min read

Related Articles

6 Steps to Comprehensive DevOps Security

DevOps has evolved into a standard practice of software development. According to…

Eylam Milner
Apr 18 · 9 min read

What is Broken Authentication and How Can You Prevent it

Logging in to websites to access your accounts isn’t as secure as…

Eilon Elhadad
Apr 11 · 10 min read

Best practices for Improving Software Integrity

Today’s businesses and enterprises are heavily dependent on software and applications for…

Eilon Elhadad
Mar 31 · 5 min read

End-to-End CI/CD Security Platform

open source vulnerability scanner
Our next, exciting chapter. Argon is now an Aqua company
Our next, exciting chapter. Argon is now an Aqua company