Infiltrating Internal Networks with Log4Shell | Reflectiz
Now that the year is in its final days, we can look back at the most significant disruption of 2021. We are slowly beginning to grasp the scope of the events that followed the discovery of CVE-2021-44228, also known as ‘Log4Shell’, and its impact on the information security world.
While security teams worked around the clock to protect their servers from the vulnerability, they overlooked a more sophisticated Log4Shell attack vector: one that enables hackers to reach into their victims’ internal environments.
Exploiting Log4Shell vulnerability via WebSockets
Since the discovery, many security researchers have dug deeper into this vulnerability to understand how its volatile potential can be exploited. In a report, Blumira’s CTO, Matthew Warner, presented an attack vector his team found: triggering the vulnerability over a WebSocket connection to machines with Log4J libraries. This is critical because it enables attacks on local services. In simple words, hackers can use the vulnerability to attack devices disconnected from the internet!
“Until now, everybody looked for Log4Shell vulnerability on external servers open to the world. Now, hackers can even attack internal machines that you didn’t think can be breached,” says Ysrael Gurt, Reflectiz CTO. “This vector significantly expands the attack surface and can impact services running using VPN or ones that are connected to the local network.”
Why WebSocket increases the attack surface
The real game-changer in the latest discovery is the use of WebSocket communication to exploit the Log4J vulnerability. This opens an entirely new attack vector that uses a digital supply chain and Java tools to attack previously unreachable machines through a compromised server. Since a WebSocket connection is a network request that runs on the client side, every service reachable from the user's machine will be targeted by the WebSocket request.
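A defensive illustration of the WebSocket vector described above, added here and not taken from the Blumira report or from Reflectiz: the browser's same-origin policy does not block cross-origin WebSocket connections, so a service on the local network has to check the handshake's Origin header itself. The allowlist, host names and function names are assumptions.

```javascript
// Added example: Origin allowlist applied to WebSocket upgrade requests.
// ALLOWED_ORIGINS, the host names and all function names are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://intranet.example.test']);

// Collect headers from a raw HTTP request into a map of lowercase name -> values.
function parseHeaders(rawRequest) {
  const headers = new Map();
  for (const line of rawRequest.split('\r\n').slice(1)) { // skip request line
    if (line === '') break;                               // end of header block
    const idx = line.indexOf(':');
    if (idx <= 0) continue;                               // not a header line
    const name = line.slice(0, idx).trim().toLowerCase();
    const values = headers.get(name) || [];
    values.push(line.slice(idx + 1).trim());
    headers.set(name, values);
  }
  return headers;
}

// Decide whether to complete the handshake. Browsers set Origin themselves and
// page script cannot override it, so it names the site that opened the socket.
function decideUpgrade(rawRequest, allowed = ALLOWED_ORIGINS) {
  const headers = parseHeaders(rawRequest);
  const upgrade = (headers.get('upgrade') || [''])[0].toLowerCase();
  if (upgrade !== 'websocket') return { accept: false, reason: 'not-websocket' };
  const origins = headers.get('origin') || [];
  // Assumption: this service is only meant for browser clients, so a missing
  // Origin is refused; non-browser clients would need separate authentication.
  if (origins.length !== 1) return { accept: false, reason: 'origin-missing-or-duplicated' };
  let origin;
  try {
    origin = new URL(origins[0]).origin; // normalises case and default ports
  } catch {
    return { accept: false, reason: 'origin-malformed' }; // e.g. the literal "null"
  }
  if (!allowed.has(origin)) return { accept: false, reason: 'origin-not-allowed' };
  return { accept: true, reason: 'ok' };
}

// Constructed sample handshake, not captured traffic.
function sampleHandshake(originLines) {
  return ['GET /events HTTP/1.1', 'Host: localhost:8080', 'Upgrade: websocket',
    'Connection: Upgrade', 'Sec-WebSocket-Version: 13', ...originLines, '', ''].join('\r\n');
}

console.log(decideUpgrade(sampleHandshake(['Origin: https://unrelated-site.example'])));
console.log(decideUpgrade(sampleHandshake(['Origin: HTTPS://Intranet.Example.Test:443'])));
```

This check narrows which web pages can open a socket to the service from a user's browser; it does not replace updating the Log4J library on that service.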
We already knew how dangerous the extensive use of Log4J libraries across various devices is. However, this discovery proves that threat actors can elevate the Log4Shell vulnerability into large-scale supply chain attacks.
The Log4Shell saga is an ongoing event, and we have yet to see the full scope of its impact. It reminds us that there’s always a new vulnerability to exploit.