The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency will host a call with critical infrastructure stakeholders Monday afternoon about a critical vulnerability affecting products with the Log4j software library, according to a statement.
CISA sent out an alert Friday that the agency had added the flaw to its list of exploited vulnerabilities, and urged federal and civilian organizations to patch and take steps to mitigate harm immediately. Log4j is a widely-used, open-source logging utility used in numerous cloud and enterprise apps including Minecraft, Apple iCloud, Cloudflare and Twitter, to track software activity. The ubiquity of the tool makes the extent of the zero-day’s potential damage likely wide-reaching.
“CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the log4j software library,” CISA director Jen Easterly said in a statement. “This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use.”
Cybersecurity researchers noted over the weekend that cybercriminals were racing to take advantage of the newly announced vulnerability.
“We are proactively reaching out to entities whose networks may be vulnerable and are leveraging our scanning and intrusion detection tools to help government and industry partners identify exposure to or exploitation of the vulnerability,” Easterly said.
Botnets launching malicious cryptocurrency-generation operations have begun to exploit the vulnerability, Sophos researcher Sean Gallagher wrote Sunday. Sophos since Dec. 9 has observed thousands of attempts to exploit the Log4j flaw, including attempts to exfiltrate information from Amazon Web Services keys and other private data.
While most of the activities researchers have noticed so far are crimes of opportunity with criminals scanning for any vulnerable systems, research firm GreyNoise has noticed the potential for more targeted attacks. Researchers at Microsoft have also noticed attacks using CobaltStrike, which can be used to further compromise vulnerable systems.