OSIRIS Brief 1.17.0
Log4J continues; China and West drift apart; Hacking interferes with Iran talks.
Log4J Is Still a Massive Problem
As expected, the Log4J vulnerability continues to cause a global freakout over cybersecurity. One cybersecurity company reported that attackers attempted to find computers with the Log4J vulnerability over 1 million times. Companies and organizations have identified dozens of apps with the Log4J vulnerability. Apache has patched the vulnerability, but unfortunately, the patch may allow Denial of Service (DoS) attacks.
The Log4J vulnerability is the perfect storm because it can be used in a variety of cyberattack types. Researchers have documented attacks including ransomware, Distributed Denial of Service (DDoS), and trojans exploiting the Log4J vulnerability. The vulnerability is so powerful because it allows attackers to create a “reverse shell” (demo video) to control target computers. “Reverse shells” allow hackers to take control of the target computer, and attackers can therefore use Log4J at multiple points during an attack.
Fixing the Log4J vulnerability quickly is important but will be difficult to accomplish. Essentially everyone who goes online is vulnerable to a Log4J-based attack. That widespread exposure makes patching difficult. Dangerous threat actors like the Iranian Advanced Persistent Threat (APT) “Charming Kitten” are exploiting Log4J.
The PRC and the West Divorcing Online
Competition between the PRC and the West is accelerating quickly, perhaps leading to the international breakup observers fear. Last week the EU announced a plan intended to compete with the PRC’s Belt and Road Initiative. The PRC also appears to be withdrawing from international capital markets, after forcing DiDi Chuxing to list its stock in Hong Kong rather than on Wall Street.
The PRC/Western breakup has been apparent online for some time. A security breach that occurred ten years ago, but was only made public this week, tied the Chinese company Huawei closely to the PRC government, alienating the US, among others (Portuguese). Western governments are increasingly leery of PRC-based companies given those companies’ willingness to support PRC policies. The PRC government even had to salvage an Artificial Intelligence company’s IPO, after Western bourses essentially blackballed the AI company for its practices.
Hacking Complicates Iran Deal
Cyberattacks are playing a surprising role in negotiations over the Iranian nuclear program. Iran and Israel have been engaged in an online tit-for-tat. Iran views Israeli attacks as attacks on legitimate Iranian interests, which is complicating negotiations with Iran. Israel believes it is merely retaliating against a geostrategic adversary that is already attacking Israeli interests.
We can expect such online conflicts to continue for the foreseeable future. Both Iran and Israel believe they are pursuing their national security. Until both sides feel safe, neither side will stop its attacks. Negotiators may think cyberattacks are interfering with talks and increasing tensions between the two countries. It is more likely that cyberattacks are a symptom of insecurity rather than a cause, because if talks were making Iran and Israel feel safe, they would not feel the need to attack one another.
Noteworthy
The Final Report on NOBELIUM’s Unprecedented Nation-State Attack by Lefferts
Have Money for a Latte? Then You Too Can Buy a Phish Kit by Peck
Ransomware: Understand. Prevent. Recover. (Free E-book) by Liska
Privacy As a Competitive Advantage by Kindschi
Cyber Command Is in the Ransomware Game—Now What? by Lonergan and Zabierek
The Human Element in Cybersecurity by AD360
The Importance of Email Encryption In Protecting Confidential Company Data by LIFARS
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.