
Organizations across the globe are becoming more educated about the need for increased security in the remote/hybrid age. Investing in managed services, advanced automation tools, and analytical software is certainly an important step toward keeping networks safe from well-known threats, but additional measures are still needed to stay aware of the less obvious tactics cybercriminals use.
According to a report by DarkReading, California-based cybersecurity firm CrowdStrike recently discovered that threat actors from Iran have attempted to exploit a flaw in the widely used Log4j code. The CrowdStrike Intelligence team claims the group behind the attack is named “NEMESIS KITTEN”, and recently issued an urgent update regarding the exploit discovery.
“CrowdStrike has identified a malicious Java class file hosted on infrastructure associated with a nation-state adversary. The Java code is used to download known instances of adversary-specific tooling and is likely to be used in conjunction with the recently disclosed Log4Shell exploit (CVE-2021-44228).”
For those who are unfamiliar, Log4j is a Java-based logging utility created by the Apache Software Foundation. The open source library lets software developers automatically record user and application activity, which has become increasingly useful in the post-pandemic era. The newly discovered exploit makes it possible for threat actors to remotely deploy ransomware and trojans, or even hijack a network entirely.
Log4j is among the most commonly used open source libraries available, and currently sits in the top 0.003% (out of a population of 7.1 million) for download popularity in the Maven Central Repository. Over the last four months, Log4j was downloaded 28.6 million times, according to data analytics from Sonatype. This means a massive number of organizations across nearly every industry could be in danger of becoming the next exploit victim.
Software developers and programmers using Log4j can update to the new security patch released earlier this week. However, thousands of organizations may still be unaware their existing code is unsafe: Sonatype CTO Brian Fox claims 65% of current Log4j downloads are still for the unpatched version of the code.
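The following inventory check is an added example (not code from the article, CrowdStrike or Sonatype): it reads a JAR, decides from its contents whether it is log4j-core, pulls the declared version from the manifest (assuming the build set Implementation-Version), and flags copies below the fixed release that still contain the JndiLookup class abused by Log4Shell. The fixed release number is an input the caller takes from the Apache advisory, and the sample JAR is constructed in memory.

```python
import io
import re
import zipfile

# Path of the lookup class abused by Log4Shell (CVE-2021-44228) inside log4j-core.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_PREFIX = "org/apache/logging/log4j/core/"


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1) so releases compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])


def inspect_jar(data):
    """Report whether a JAR is log4j-core, the version its manifest declares
    (assumption: the build set Implementation-Version) and whether JndiLookup is present."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = set(jar.namelist())
        manifest = ""
        if "META-INF/MANIFEST.MF" in names:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    fields = dict(re.findall(r"^([\w-]+):\s*(.*?)\s*$", manifest, re.M))
    return {
        "is_log4j_core": any(n.startswith(CORE_PREFIX) for n in names),
        "version": fields.get("Implementation-Version"),
        "has_jndi_lookup": JNDI_CLASS in names,
    }


def needs_attention(report, fixed_version):
    """True for a log4j-core JAR below the fixed release that still ships JndiLookup.
    The fixed version is an input the caller takes from the Apache advisory."""
    if not report["is_log4j_core"] or not report["has_jndi_lookup"]:
        return False
    if report["version"] is None:
        return True  # no declared version: treat as unpatched until proven otherwise
    return parse_version(report["version"]) < parse_version(fixed_version)


def make_sample_jar(version, include_jndi):
    """Constructed stand-in for a log4j-core JAR, used only to exercise the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")
        jar.writestr(CORE_PREFIX + "Logger.class", b"\xca\xfe\xba\xbe")
        if include_jndi:
            jar.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
    return buf.getvalue()
```

For a real tree, pass each .jar file's bytes from disk to inspect_jar and the fixed release number from the advisory to needs_attention.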
This problem is yet another reminder to organizations heavily invested in remote/hybrid technology about the severity of cybercrime in the post-pandemic economy. Threat actors are extremely persistent with their goals, and will do whatever is necessary to discover new ways to cause digital havoc. Even with the most sophisticated cybersecurity measures, there is always a chance of a problem. Keeping this in mind, organizations must ensure their IT departments stay up to date on newly discovered exploits, in order to avoid falling into the same traps as earlier victims.
Edited by Maurice Nagle