Cybersecurity News in Asia

Features
- Featured
  
  How to talk to your board and C-suite about cyber-preparedness
  
  Thursday, June 1, 2023, 11:33 AM Asia/Singapore | Features, Tips
- Featured
  
  Ransomware trends APAC organizations should be mindful of
  
  Tuesday, May 30, 2023, 2:02 PM Asia/Singapore | Features, Malware & Ransomware
- Featured
  
  Generative AI – the cybercriminal’s latest tool of terror?
  
  Tuesday, May 23, 2023, 11:20 AM Asia/Singapore | Features
News
- Featured
  
  Cyber insurance terms reward the cyber diligent
  
  Tuesday, June 6, 2023, 11:22 AM Asia/Singapore | Cyberthreat Landscape, News, Newsletter
- Featured
  
  2022 financial services web-application and API attacks surge 248% in APJ
  
  Tuesday, June 6, 2023, 10:39 AM Asia/Singapore | News, Newsletter
- Featured
  
  Automation and AI increase bot attack sophistication, evasiveness
  
  Thursday, June 1, 2023, 2:45 PM Asia/Singapore | Cyberthreat Landscape, News, Newsletter
Opinions
Tips
Whitepapers
Awards 2022
Directory
E-Learning

News

B1txor20 exploitation of Log4j a “second wave”: expert

By CybersecAsia editors | Friday, March 18, 2022, 12:33 PM Asia/Singapore

The newly launched Linux botnet is more sophisticated than exploits in the first wave, and signals impending “more nefarious” attacks.

A new Linux botnet named B1txor20 has been detected exploiting the Log4J vulnerability to target Linux systems and infecting dozens of vendors that have not patched their systems.

The botnet uses the exploit to steal sensitive information, install rootkits, create reverse shells and act as web traffic proxies.

What makes this bot unique is that it was found using DNS tunneling to conceal its communication traffic. Also, the botnet targets not just x64 devices but also those running on ARM processors. This means devices such as mobile phones and equipment that contain embedded IoT products are also vulnerable. As such embedded systems are likely to be much harder to patch and keep up to date, this exploitation campaign could be running for a very long time and cause sleepless nights for a lot of enterprises.

According to Michael White, Technical Director and Principal Architect, Synopsys Software Integrity Group: “Without software bill-of-materials (SBOM) information for all the network-connected systems, the initial inventory itself will be a massive undertaking. Whilst it is clear Log4j is far from over, we really need to be planning for the next log4j type event, because there will be more. And the answer to that is to get enterprise SBOM initiatives established and to start requiring this information from vendors.”

White noted that sometimes, when planning remediation, security experts will consider whether an exploit is present when they have to assign a level of urgency to any threat. Exploit authors know this tendency and are gaining sophistication over time. So, defenders should no longer use the presence or absence of an existing exploit to determine urgency, but rather how sophisticated has the exploitation of a particular vulnerability has become in general.

“To me, this looks like a renewed second wave of exploitation. It may even build on from here, and become easier to achieve nefarious outcomes,” White said.