SEOUL, South Korea, Dec. 18, 2021 — Data intelligence company S2W (https://s2w.inc/) recently released an analysis report, "Logs of Log4shell (CVE-2021-44228)", and introduced countermeasures. Malware that exploits the vulnerability has been actively distributed on the dark web since December 10.
Kyoung-ju Kwak, Director of CTI at S2W, said, "According to our CTI group's analysis, distribution of malware such as cryptominers, botnets, and ransomware using Log4j-related vulnerabilities is actively taking place, and indiscriminate attacks on unpatched systems have already begun." He also expressed concern that "CVE-2021-44228 affects not only Apache servers, but also all servers and services using log4j, regardless of the type of server."
S2W pointed out that, to cope with security vulnerabilities overall, organizations need to understand their current in-house use of open-source software, including Log4j. Beyond that, a system that can automatically notify staff when a vulnerability is disclosed in an open-source component used internally is also needed. Where simultaneous remediation of the entire system is not feasible because of ongoing security threats, remediation must proceed sequentially, and that requires first classifying internal assets (such as customer-facing systems and externally accessible employee work sites) and identifying the services in use. S2W also stressed that reports and intelligence on malware from domestic and foreign conferences and security vendors should be checked and internalized periodically.
S2W's "Logs of Log4shell (CVE-2021-44228)" report carefully selects and introduces a variety of domestic and international tools for detecting the log4j vulnerability, including tools that check multiple sites remotely.
S2W emphasized that more than 150 services, including Tomcat, Minecraft, Redis, Apache Struts, Apache Solr, Apache Druid, Apache Flink, Apache Dubbo, ElasticSearch, Flume, Logstash, Kafka, and spring-boot-starter-log4j2, are affected by CVE-2021-44228, and that special attention is needed.
S2W has been sharing related information since the vulnerability was first recognized through S2Gether, a separate information delivery channel for its customers. In addition, S2W's CTI solution "Xarvis" is continuously updating information on this vulnerability collected from various channels, and related IoCs (Indicators of Compromise) are also posted on an ongoing basis.
Lee Dae-jin, a researcher at S2W Offensive Research, said, "Some of the stories that it is safe to use the old version (1.x) of log4j are wrong, and there was an official announcement that a vulnerability of a similar type to this log4shell was found and that action should be taken. In addition, log4j 1.x is a version that has reached end of support, so even if several vulnerabilities are found, patches will no longer appear, and we recommend updating to the latest version."
S2W's report on Logs of Log4shell (CVE-2021-44228): "Logs of Log4shell (CVE-2021-44228): log4j is ubiquitous"