Home » Alibaba Cloud has been ordered to make rectifications. When will the trouble caused by the Log4j2 vulnerability end? | Leifeng

Alibaba Cloud has been ordered to make rectifications. When will the trouble caused by the Log4j2 vulnerability end? | Leifeng

by admin

Author | Li Yangxia

Edit | Lin Juemin

On the morning of December 22, Alibaba Cloud was suspended from the Ministry of Industry and Information Technology‘s network security threat information sharing platform cooperation unit identity, 6 months of news, went viral on the Internet.

According to the Cyber ​​Security Administration of the Ministry of Industry and Information Technology, Alibaba Cloud failed to promptly report to the telecommunications authorities after discovering major security vulnerabilities in the Apache Log4j2 component, and did not effectively support the Ministry of Industry and Information Technology to carry out cyber security threats and vulnerability management. Suspended its identity as a partner of the Ministry of Industry and Information Technology‘s cybersecurity threat information sharing platform for a period of 6 months.

The Cyber ​​Security Administration stated that after the suspension period expires, it will study the restoration of the aforementioned cooperative units based on Alibaba Cloud’s rectification situation.

Since the discovery of the Log4j 2 vulnerability on the night of December 9th, it has received great attention from the inside and outside the industry. A netizen said, “I have been aware of this vulnerability if I did not pay attention to the field of network security before.”

A security expert said: “Since the disclosure of the Log4j2 vulnerability, it has basically shaken the whole people. Whether it is a security practitioner, a security enthusiast, or a hacker who is a black product or blackmailer, it basically stays up all night and keeps moving.”

As we all know, Apache Log4j is a component widely used around the world. Its vulnerability affects the world and is comparable to the “eternal blue” vulnerability. Its exploitation complexity is low. Serious hazards such as service interruption can cause unpredictable hazards and losses.

According to relevant media reports, the Belgian Ministry of National Defense network has recently been successfully attacked by unknown attackers who used a huge vulnerability in the Apache log library log4j to carry out attacks.

Not only the government, but also companies are also the targets of the attack, as long as the use of JAVA development is basically affected. At the same time, individual users have been attacked. A few days ago, the JAVA version of Minecraft was detected by a large number of hackers exploiting Apache Log4j 2 vulnerabilities to attack individual users.

See also  The wind towers of the highlanders

The consequences of the impact of Log4j 2 are gradually becoming apparent.

1. Has Alibaba Cloud been “tested”?

An industry insider said: “According to the industry’s vulnerability disclosure cycle, the entire process should be reported to the vendor first, and the vendor provides a solution at the appropriate time based on the impact of the vulnerability, and then 10, 45 or 90 days, and then After the manufacturer provides a solution, a vulnerability notification will be issued.”

The special feature of this Log4j 2 vulnerability is that it is an open source software.I was madly forwarded without time to repair, because the open source software repair code is public, and part of the repair code is the test code, and the test code is used to check whether the repair is correct. The whole process is equivalent to being public, which is basically the same as being public. The vulnerability principle and attack method are discussed.

Since Alibaba Cloud reported the vulnerability to Apache on December 9, Log4j 2 vulnerabilities have also begun to ferment.

And the “Network Product Security Vulnerability Management Regulations” officially implemented on September 1, 2021: Vulnerability information must not be released before network product providers provide network product security vulnerabilities repair measures. If it is deemed necessary to release in advance, it shall jointly evaluate and negotiate with the relevant network product providers, and report to the Ministry of Industry and Information Technology and the Ministry of Public Security, and the Ministry of Industry and Information Technology and the Ministry of Public Security shall organize the evaluation and release.

At the same time, the regulations are clearRelevant companies must accept at least 4 management inspections,They are the National Internet Information Office, the Ministry of Industry and Information Technology, the Ministry of Public Security and relevant industry authorities;At the same time, companies should submit relevant vulnerability information to the Ministry of Industry and Information Technology‘s cyber security threat and vulnerability information sharing platform within 2 days.

Article 3 of the “Regulations on the Management of Network Product Security Vulnerabilities” National Internet Information OfficeResponsible for overall coordination of network product security vulnerability management.Ministry of Industry and Information TechnologyResponsible for the comprehensive management of network product security vulnerabilities, and responsible for the supervision and management of network product security vulnerabilities in the telecommunications and Internet industries.Ministry of Public SecurityResponsible for the supervision and management of network product security vulnerabilities, and crack down on illegal and criminal activities that use network product security vulnerabilities in accordance with the law.Relevant authoritiesStrengthen cross-departmental coordination, realize real-time sharing of network product security vulnerability information, and conduct joint assessment and disposal of major network product security vulnerability risks.

It is understood that on December 9th, the Ministry of Industry and Information Technology‘s cyber security threat and vulnerability information sharing platform received a report from relevant cyber security professional organizations that the Apache Log4j2 component had serious security vulnerabilities. The Ministry of Industry and Information Technology immediately organized relevant cybersecurity professional institutions to conduct vulnerability risk analysis, convened Alibaba Cloud, cybersecurity companies, cybersecurity professional institutions, etc. to conduct research and judgment, notified and urged the Apache Software Foundation to repair the vulnerability in a timely manner, and issued risk warnings to industry units.

See also  The latest financial report shows that Alibaba Cloud's growth rate has slowed down, competition has intensified, and the future way out is to B and to G

2. Log4j 2 vulnerabilities, three steps to compromise any device

Log4j 2 is a vulnerability that can be ranked top3 in the past ten years, and it has a wide range of impacts, including most online businesses, websites we usually use, and hardware products with network outreach functions.

At present, some ransomware, mining, etc. have begun to take action. Among them, PoC attacks have also appeared on the Internet. Although some security vendors have responded in time and made some monitoring and repair plans, most of them The website will still be affected, but it is currently difficult to assess.

For companies, even if they are attacked, they can only smash their teeth and swallow them in their stomachs. The enterprise or newer version that has not been attacked or finds a security vendor to fix the vulnerabilities.

According to Leifeng(Public account: Leifeng.com)I understand that the threshold for this log4j 2 attack is very low and does not require any special configuration, as long as the default configuration is enough, because the attack code can be embedded in the most commonly used functions of developers to directly control the target server.

log4j is a log component used to record logs. Generally speaking, the log component of a website or a desktop software is in the entire software component structure. Log4j is in Java, and slf4j is also in Java. In the past, the vulnerabilities of these two log components combined did not exceed double digits, and the attack also had to meet many configurations, which was not easy to succeed.

See also  Fiscal peace, Forza Italia with Salvini. Tajani: "It's our proposal"

So let’s restore the entire implementation process of exploiting the log4j vulnerability, why is it easy to implement.

The first step: the attacker sends a large number of requests through scanners or other batch scripts and other means to determine the entry point of the attack.

Step 2: Send a piece of JNDI code to guide the victim to send a request to the malicious server, and then the malicious server will return a bunch of codes.

Step 3: Send the attack code again to let the victim request the malicious server request. What is sent in the middle is different. The second time the malicious server returns the code to the victim, the administrator’s purpose of controlling the victim can be achieved.

In fact, as long as you do everything on the website, the log is like a monitor, recording all your operations. Whether it is keyboard input, mouse clicks, or website code changes, the software on the computer and the website will be recorded in the database. Once the attacker sends you a message, all your data will be leaked.

Some manufacturers say that as long as one of the links is cut off, attacks can be prevented, and vulnerabilities can also be avoided by upgrading the new version. However, some companies report that if the upgrade will affect their business or even crash, they can only use solutions from network security manufacturers.

The last month of 2021 can be described as thrilling in the cyber security circle. This time, the Log4j2 vulnerability is worth thinking about. It is important to know that the difficulty, technical content, exploitation, and impact of the vulnerability are not a concept.

.

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy