Kuoma kwekusagadzikana muLog4j hakuna chinhu kunze kwedzidziso. Cyber matsotsi scan zviteshi zvepasi rose kutsvaga nzira dzekuzvishandisa. Vatsvakurudzi vekuchengetedza vakacherechedza mazana ezviuru zvekurwisa.
Mumazuva mashoma apfuura, Check Point Software yakaziva 470,000 kuedza kuita scan makambani network pasi rese. The scans inoitwa, pakati pezvimwe zvinhu, kutsvaga maseva anobvumira ekunze HTTP zvikumbiro. Masevha akadaro ane hunyanzvi hwekushandisa mukana wakashata muJava library Log4j. Kana sevha ichibvumira zvikumbiro zveHTTP, munhu anorwisa anogona kubaya sevha nemutsara mumwe unonongedza kune iri kure sevha ine mirairo yeJava yekuuraya malware. Kana iyo pinged server yakabatana neJava application iyo inoshandisa Log4j, iyo Java application inogadzirisa mutsara semurairo wekuita iyo malware. Pazasi pemutsara, sevha yemunhu anenge abatwa anoita zvinorairwa neanorwisa. Sangano rekuchengetedza Sophos rinoti raona mazana ezviuru zvekurwiswa.
Zviso zvinozivikanwa
Pakutanga takanyora chinyorwa chinovhenekera nezve yataurwa pamusoro pehunyanzvi mashandiro ekusagadzikana muLog4j. Chimiro chikuru chekushungurudzwa ndiko kugona kusvika Java maapplication anosanganisira Log4j. Pamwe pacho uku kutamba kwevana. Semuenzaniso, Apple yakashandisa iCloud Log4j kunyora mazita ePhones. Nekuchinja zita remuenzaniso we iPhone muIOS kune rairo yeJava, zvakazove zvichiita kupaza maseva eApple.
Mune zvimwe zviitiko, zvikumbiro hazvisi nyore kupesvedzera. Kutyisidzira kukuru kunobva kune vanorwisa vane ruzivo, ruzivo uye maitiro aripo. Vatsvagiridzi vekuchengetedza kubva kuNetlab360 vakamisa masisitimu maviri ehuchi (honeypots, ed.) kukoka kurwiswa kweJava application neLog4j. Vatsvagiri nokudaro vakakwezva mipfumbamwe mitsva mitsva yemhando dzinozivikanwa dzemalware, kusanganisira MIRAI neMuhstik. Iwo malware strains akagadzirirwa kushungurudza Log4j. Iyo yakajairika kurwisa tarisiro ndiko kusimbiswa kwe botnets ye crypto migodhi uye DDoS kurwisa. Check Point Software yakaita ongororo yakafanana pamwero mukuru. Mumazuva mashoma apfuura, sangano rekuchengetedza rakanyoresa 846,000 kurwiswa.
kudzivirira
Zviripachena kuti matsotsi epa cyber anotsvaga nekushandisa zvisina njodzi shanduro dzeLog4j. Dziviriro inonyanyo kurudzirwa ndeye uye inoramba ichiongorora zvese zveLog4j zvikumbiro munzvimbo. Kana mutengesi wekushandisa iyo Log4j inoshandiswa akaburitsa yakagadziridzwa vhezheni, patching inokurudzirwa. Kana zvisina kudaro, kudzima ndiyo yakachengeteka sarudzo. Iyo NCSC inochengeta tarisiro yekusagadzikana kwesoftware umo Log4j inogadziriswa.
Parizvino chiri chero chinhu asi chinokurudzirwa kugadzira yako wega software matanho kana kugadzirisa mashandiro eLog4j. Kusagadzikana kune misiyano. Microsoft, pakati pevamwe, yakaona akawanda akasiyana emutemo unoshandiswa kudzidzisa Java application kumhanya malware. Check Point inotaura nezve anopfuura makumi matanhatu ekuchinja.