Ubungqongqo bokuba sesichengeni kwi-Log4j ayinanto ngaphandle kwethiyori. Izigebenga zeCyber scan amachweba kwihlabathi liphela ukufumana iindlela zokuwaxhaphaza. Abaphandi bokhuseleko babone uhlaselo olungamakhulu amawaka.
Kwiintsuku ezimbalwa ezidlulileyo, i-Check Point Software yaqaphela imizamo ye-470,000 yoku scan iinethiwekhi zoshishino kwihlabathi jikelele. I scans ziyenziwa, phakathi kwezinye izinto, ukufumana abancedisi abavumela izicelo zangaphandle zeHTTP. Iiseva ezilolo hlobo zityekele ekusebenziseni ingozi edume kakubi kwithala leencwadi leJava Log4j. Ukuba umncedisi uvumela izicelo ze-HTTP, umhlaseli unokubethelela umncedisi ngomgca omnye okhomba kwiseva ekude ngemiyalelo yeJava yokuphunyezwa kwe-malware. Ukuba umncedisi we-pinged udityanisiwe kwisicelo seJava esenza iLog4j, isicelo seJava siqhuba umgca njengomyalelo wokuphumeza i-malware. Emazantsi emgceni, umncedisi wexhoba uphumeza oko ayalela umhlaseli. Umbutho wezokhuseleko uSophos uthi uchonge amakhulu amawaka ohlaselo.
Ubuso obuqhelekileyo
Ngaphambili sibhale inqaku elikhanyisayo malunga nokusebenza kobugcisa obukhankanywe ngasentla bokuba sesichengeni kwi-Log4j. Owona mqathango mkhulu wokuxhatshazwa kukukwazi ukufikelela kwizicelo zeJava ezibandakanya iLog4j. Kwezinye iimeko lo ngumdlalo wabantwana. Umzekelo, Apple wasebenzisa iCloud Log4j ukurekhoda amagama iPhones. Ngokutshintsha igama lemodeli ye-iPhone kwi-iOS ukuya kumyalelo weJava, kuye kwacaca ukuba kunokwenzeka ukuqhekeza iiseva ze-Apple.
Kwezinye iimeko, izicelo azilula kakhulu ukuba nefuthe. Esona sisongelo esikhulu sivela kubahlaseli abanamava, ulwazi kunye nobuchule obukhoyo. Abaphandi bokhuseleko be-Netlab360 bamisela iinkqubo ezimbini ze-decoy (honeypots, ed.) Ukumema ukuhlaselwa kwezicelo zeJava kunye ne-Log4j. Abaphandi ke batsale iinguqulelo ezisithoba zeentlobo ze-malware ezaziwa kakhulu, kubandakanya i-MIRAI kunye ne-Muhstik. Iintlobo ze-malware ziyilelwe ukusebenzisa kakubi i-Log4j. Injongo yokuhlaselwa okuqhelekileyo kukuqiniswa kwe-botnets ye-crypto mining kunye nokuhlaselwa kwe-DDoS. I-Check Point Software yenza uphando olufanayo kwizinga elikhulu. Kwiintsuku ezimbalwa ezidlulileyo, umbutho wezokhuseleko ubhalise ukuhlaselwa kwe-846,000.
ukhuselo
Kucacile ukuba izigebenga ze-cyber zifuna kwaye zisebenzise iinguqulelo ezisesichengeni zeLog4j. Olona khuselo lucetyiswayo luselugcinweni luluhlu lwazo zonke izicelo ze-Log4j kwindawo. Ukuba umboneleli wesicelo apho i-Log4j isetyenziswa khona ukhuphe inguqulelo ehlaziyiweyo, ukupeyishwa kuyacetyiswa. Ukuba akunjalo, ukukhubaza yeyona ndlela ikhuselekileyo. I-NCSC igcina isishwankathelo sokuba semngciphekweni kwesoftware apho iLog4j isenziwa khona.
Yiyo nantoni na okwangoku kodwa kuyacetyiswa ukuba uphuhlise eyakho imilinganiselo yesoftware okanye uhlengahlengise ukusebenza kweLog4j. Ukuba sesichengeni kunokwahluka. IMicrosoft, phakathi kwezinye, ibone iindlela ezahlukeneyo zomgaqo osetyenziswayo ukuyalela usetyenziso lweJava ukusebenzisa imalware. I-Check Point ithetha ngaphezu kweenguqu ze-60.