Ubukhulu bokuba sengozini ku-Log4j akuwona neze umcabango. Izigebengu ze-Cyber scan amachweba emhlabeni wonke ukuthola izindlela zokuwaxhaphaza. Abacwaningi bezokuphepha babone ukuhlasela kwamakhulu ezinkulungwane.
Ezinsukwini ezimbalwa ezedlule, i-Check Point Software ibone imizamo engu-470,000 yokwenza scan amanethiwekhi ezinkampani emhlabeni jikelele. I scans zenziwa, phakathi kwezinye izinto, ukuthola amaseva avumela izicelo ze-HTTP zangaphandle. Amaseva anjalo athambekele ekusebenziseni ubungozi obungaziwa kulabhulali ye-Java Log4j. Uma iseva ivumela izicelo ze-HTTP, umhlaseli angakwazi ukucupha iseva ngomugqa owodwa okhomba kuseva ekude ngemiyalo ye-Java yokusebenzisa uhlelo olungayilungele ikhompuyutha. Uma iseva e-pinged ixhunywe kuhlelo lokusebenza lwe-Java olucubungula i-Log4j, uhlelo lokusebenza lwe-Java lucubungula umugqa njengomyalo wokukhipha uhlelo olungayilungele ikhompuyutha. Phansi komugqa, iseva yesisulu yenza lokho umhlaseli akuyalayo. Inhlangano yezokuphepha iSophos ithi isihlonze ukuhlasela okungamakhulu ezinkulungwane.
Ubuso obujwayelekile
Ngaphambilini sibhale indatshana ekhanyisayo mayelana nokusebenza kobuchwepheshe okubalulwe ngenhla kokuba sengozini ku-Log4j. Umbandela wangaphambili omkhulu wokuhlukunyezwa yikhono lokufinyelela izinhlelo zokusebenza ze-Java ezihlanganisa i-Log4j. Kwezinye izimo lokhu kuwumdlalo wezingane. Isibonelo, i-Apple yasebenzisa iCloud Log4j ukurekhoda amagama iPhones. Ngokushintsha igama lemodeli ye-iPhone ku-iOS kuya kumyalelo we-Java, kube nokwenzeka ukuqhekeka amaseva e-Apple.
Kwezinye izimo, izinhlelo zokusebenza zilula ukuthonya. Usongo olukhulu luvela kubahlaseli abanolwazi, ulwazi namasu akhona. Abacwaningi bezokuphepha abavela ku-Netlab360 bamise amasistimu e-decoy amabili (ama-honeypots, ed.) ukuze ameme ukuhlaselwa kwezinhlelo zokusebenza ze-Java nge-Log4j. Ngakho-ke abacwaningi baheha ukuhluka okusha okuyisishiyagalolunye kwezinhlobo eziwuhlelo olungayilungele ikhompuyutha ezaziwa kakhulu, okuhlanganisa i-MIRAI ne-Muhstik. Izinhlobo ze-malware zenzelwe ukuhlukumeza i-Log4j. Ithagethi yokuhlasela evamile ukuqiniswa kwama-botnets ezimayini ze-crypto kanye nokuhlaselwa kwe-DDoS. I-Check Point Software yenza inhlolovo efanayo ngezinga elikhulu. Ezinsukwini ezimbalwa ezedlule, inhlangano yezokuphepha ibhalise ukuhlasela okungu-846,000.
Defense
Kusobala ukuthi izigebengu ze-inthanethi zifuna futhi zisebenzise izinguqulo ezisengozini ye-Log4j. Ukuzivikela okutuseka kakhulu wukusungula zonke izinhlelo zokusebenza ze-Log4j endaweni. Uma umphakeli wohlelo lokusebenza lapho i-Log4j isetshenziswa khona ekhiphe inguqulo ebuyekeziwe, ukuchibiyela kuyanconywa. Uma kungenjalo, ukukhubaza inketho ephephe kunazo zonke. I-NCSC igcina ukubuka konke kokuba sengozini kwesofthiwe lapho i-Log4j icutshungulwa khona.
Okwamanje akukuhle ukuthi uzenzele ezakho izinyathelo zesoftware noma ulungise ukusebenza kwe-Log4j. Ukuba sengozini kunokuhlukahluka. I-Microsoft, phakathi kokunye, ithole ukuhlukahluka okuningi komthetho osetshenziswa ukuyalela izinhlelo ze-Java ukusebenzisa uhlelo olungayilungele ikhompuyutha. I-Check Point ikhuluma ngezinguquko ezingaphezu kuka-60.