Protective Measures: New “proxyjacking” attack exploits Log4j vulnerability

  • Fabian Sinner
  • May 11, 2023


    In a recent discussion with colleagues, we talked about what motivates cybercriminals to attack companies or government agencies.

    Our discussion revealed that in many cases the motivation is financial, based on youthful recklessness, or, a very current trend, driven by the attacker’s political convictions. In all cases, the impact of these attacks can be significant losses or even the failure of commercial or intelligence systems.

    Old Stones – New Methods 

    Over time, not only the motivation but also the general behaviour of the perpetrators has changed. Earlier, hackers mainly tried to make a name for themselves by taking large or many systems offline to show off. Today, most professional hackers and cybercriminals are so skilled that it is rare for anyone to notice that enterprise systems have been cracked or taken over.

    The recent wave of cyberattacks has spawned a new method called “proxyjacking.” The attacks exploit a vulnerability in Log4J software to infiltrate devices and instances. In doing so, the attack aims to take over the hijacked proxy system’s capabilities.  

    Unprotected systems create a new source of income 

    Once the system has been taken over, the attacker observes it briefly and then either uses the excess bandwidth for their own purposes or sells it commercially. The recent attacks on proxy systems that exploited a Log4J vulnerability have shown how sophisticated and profitable cybercriminals have become: new sources of income are created seemingly out of thin air.

    But this didn’t just happen out of thin air – with a little time and know-how, the administrator in charge could have taken the necessary steps to harden the systems against such an attack.

    It’s unlikely that an amateur could set up a working proxy server with just a YouTube tutorial. So what enabled the hacker to take over the target? Administrators should take regular measures to ensure that their systems do not fall into the hands of criminals.

    This includes the following actions every month:  

    • Activate and adjust firewall rules 
    • Perform updates 
    • Implement or add anomaly detection 
    • Block suspicious IP addresses as soon as they appear 
    • Add intrusion detection, which most firewalls offer

    A simple list, right? These steps may seem sufficient at first glance, but implementing them properly requires sufficient resources.

    Cloud services and self-learning systems as an additional layer of protection 

    Even if you spend the money and invest in these expensive devices, you need trained staff to configure and monitor them. Therefore, staff must be trained regularly and, ideally, be available around the clock.

    A simple alternative would be to use cloud services like those offered by Link11. Link11 offers an efficient solution for all of the measures listed above.

    • The self-learning system monitors the data streams independently and fully automatically, day and night, so it is always available.
    • The Link11 WAF (Web Application Firewall) is updated automatically and offers customizable rule sets, backed by the necessary know-how.

    Link11 can always respond to new threats, thanks to the Link11 DDoS instance, which provides a scalable environment in the cloud.

    Conclusion: proxy servers are practical tools for optimizing traffic and protecting privacy. However, they also pose a significant security risk if they are hijacked by cybercriminals. Cyberattack threats are growing, and businesses and organizations must improve their security measures. Link11 offers a state-of-the-art and reliable solution to protect your systems.

    Feel free to contact us anytime if you would like to know more about the self-learning system and Link11 WAF. 
