The Worst Internet Security Vulnerability 'Log4j'... Domestic Financial Companies Also Attacked

Kim Cheol-ung, President of the Financial Security Institute, Holds Emergency Inspection Meeting
Disseminates Urgent Situation and Distributes Vulnerability Detection Rules
Large-Scale Attack Targeting Financial Companies Unlikely
Domestic Security Firms Respond Swiftly

[Asia Economy Reporters Kang Nahum and Song Seungseop] Domestic financial companies have been identified as exposed to attacks exploiting the ‘Log4j’ vulnerability, considered the worst security flaw in computer history. Although the risk level was low and no damage occurred during the initial probing phase, experts emphasize the need for special caution as breaches could cause significant harm to both companies and consumers.


According to the financial sector on the 13th, the Financial Security Institute held an emergency inspection meeting yesterday, chaired by Director Kim Cheolwoong. This was in response to detected Log4j-related attacks targeting domestic financial company servers. It has been confirmed that there have been no successful hacks or damage cases so far. The scale and frequency of the attacks have not been specifically disclosed.


During the meeting, the Financial Security Institute analyzed the impact on the financial sector, reviewed response measures, and issued emergency alerts to each financial company. They also developed and promptly distributed rules to detect vulnerabilities.


Log4j is a program used on the internet to record ‘logs.’ Logs are information generated while a computer is in use, and Log4j stores these logs. Developed by the Apache Foundation, it is essential for server management. As free open-source software, it is used by major global companies and government agencies such as Apple and Amazon.


Log4j became controversial recently when a vulnerability was discovered in the game ‘Minecraft’ that allowed hackers to infiltrate. The game uses the Log4j program, and it was observed that simply entering a specific message could enable remote control of the user’s computer. Exploiting this could lead to massive damage by attacking government agencies, companies, and financial institutions to implant malware.


Not a Targeted Attack on Financial Companies... Security Firms Act Swiftly

It is currently unclear how many domestic financial companies use Log4j. Typically, the financial industry avoids free open-source software for security reasons. However, some financial institutions in Korea do use open-source software, so there is a possibility that Log4j has been applied. Only some developers responsible for operations know whether it is in use, making accurate status assessment difficult.


However, the Financial Security Institute explained that it is unlikely the recent attacks specifically targeted financial company servers. It is more probable that hackers were testing multiple servers to find vulnerable institutions, and financial companies happened to receive the same attacks. A Financial Security Institute official stated, “Lists of servers vulnerable to Log4j are being shared on hacking sites,” adding, “(In the case of domestic financial companies) detection is occurring, but vulnerabilities are rarely found so far.”


Meanwhile, as concerns about hacking targeting financial companies and domestic IT firms grow, local security companies are moving quickly. ESTsecurity, developer of ALYac, has been posting related information on its blog since the 10th, when the vulnerability was reported. An ESTsecurity official said, “Malicious files known to exploit the vulnerability can be detected and treated by the ALYac product.”


AI security company Logpresso urgently released a scanner on GitHub to respond to the Log4j 2 vulnerability. A Logpresso official explained, “Currently, temporary patches such as removing ‘JndiLookup.class’ as recommended by the Korea Internet & Security Agency’s security advisory can be applied.”
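To check whether the temporary mitigation quoted above has been applied, an operator can inventory which archives on a server still contain ‘JndiLookup.class’. The following is an added example, not Logpresso's scanner or code from the advisory; the function names (`scan_archive`, `scan_tree`, `make_jar`, `demo`) are hypothetical and the sample archives are constructed in memory.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Class the quoted temporary mitigation removes from the log4j-core archive.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def scan_archive(data, label, depth=0):
    """Labels of archives still holding JndiLookup.class, nested ones (WAR/EAR, fat JAR) included."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # unreadable archive: skip rather than abort the scan
    with zf:
        for name in zf.namelist():
            if name == JNDI_CLASS:
                hits.append(label)
            elif name.lower().endswith(ARCHIVE_EXT) and depth < 5:
                hits += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return hits

def scan_tree(root):
    """Scan every archive file below root; returns a sorted list of hits."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            hits += scan_archive(path.read_bytes(), str(path))
    return sorted(hits)

def make_jar(entries):
    """Build a constructed in-memory archive from {name: bytes} (demo data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Constructed sample: unmitigated jar, mitigated jar, and a WAR nesting the former."""
    core = make_jar({JNDI_CLASS: b"\xca\xfe\xba\xbe", "META-INF/MANIFEST.MF": b""})
    jars = {"log4j-core.jar": core, "patched.jar": make_jar({"META-INF/MANIFEST.MF": b""}),
            "app.war": make_jar({"WEB-INF/lib/log4j-core.jar": core})}
    with tempfile.TemporaryDirectory() as root:
        for fn, data in jars.items():
            Path(root, fn).write_bytes(data)
        return [hit[len(root) + 1:] for hit in scan_tree(root)]
```

A hit means the class is still present in that archive. The exact-path match does not cover builds that relocate (shade) the Log4j packages under another name.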


Information security company AhnLab also posted warnings and update recommendations regarding the Log4j 2 vulnerability on its blog, urging caution. Vulnerability detection is currently possible through AhnLab’s TG/IPX, AIPS, and HIPS products.


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
