The Belgian Defense Ministry has issued a statement confirming that their systems have fallen victim to this pernicious zero-day exploit.
We've talked about the Log4j/Log4shell vulnerability before, but it seems we're not done with it yet.
A representative of the Belgian Defense Ministry stated that an attack on their internet-facing network was discovered on Thursday, 16th December. They then implemented quarantine measures to isolate the affected parts of the network and stop the attackers from penetrating any further.
Our teams were mobilized all weekend in order to keep the issue under control, continue our operations and inform partners. We are continuing to monitor the situation.
The Defense Ministry isn't the only organisation to have attracted attention from attackers looking to take advantage of Log4j. Check Point Software Technologies, a supplier of cybersecurity solutions, has reported that a group of hackers known under the monikers of "Phosphorus" or "Charming Kitten" exploited the Log4j vulnerability to execute attacks against multiple Israeli targets, including government websites.
This is far from the only hacking group actively looking to exploit the window of opportunity offered by companies slow to roll out patches. Another group taking advantage of this vulnerability is Hafnium, a hacking group with links to China. Microsoft says that Hafnium is using the Log4j vulnerability in attacks against virtualization infrastructure around the globe.
Consumers may wonder why this is something they should be concerned about. After all, they're not multinational companies or industries running web servers, but these attacks target the infrastructure that supports and enables many now-common applications and devices. Log4j is what's known as an "open source library" and is part of the Apache Logging Services, which are written in Java.
Java is a cross-platform framework, designed to run on multiple operating systems and multiple devices, so ANY operating system, such as Windows, Linux, macOS and more, is vulnerable to being attacked. Java also powers an array of devices such as webcams, satnavs, DVD players, set-top boxes and even some medical appliances.
Bitdefender has confirmed that a new ransomware attack they've dubbed "Khonsari" has been detected in the wild, and it's not just being deployed through bogus email links or fraudulent text messages. Thanks to Log4j, it's being installed through compromised Minecraft clients. These clients were connected to modified Minecraft servers running a vulnerable version of Log4j through the use of a third-party Minecraft mod loader.
Anyone heavily involved in Minecraft will almost certainly have experimented with some form of modding, and perhaps even with running their own modified Minecraft server, so this has the potential to impact more than just enterprise-level users, and nobody wants to deal with their files being locked behind ransomware.
How can you protect yourself against Log4j?
If you are a company that hasn't already rolled out patches, we would strongly recommend you check your vendor's support sites for updates for your applications and devices. Microsoft, IBM, Cisco and more have all issued statements and fixes for affected components for their big clients, but individual vendors will also be rolling out firmware updates and fixes for any device that might be vulnerable, so consumers need to be on the lookout for updates for any devices they use around the home.
While we understand many companies are still getting back to business as usual after the New Year, the groups looking to take advantage of this exploit definitely won't have taken any time off over Christmas.