Java Security Vulnerabilities: Case Commentary

December 15, 2020



Introduction

Java security vulnerabilities aren’t new. Nor are they limited to Java. System vulnerabilities go hand in hand with technological evolution. The more features and possibilities that a solution unlocks, the more pervasive is the attack on its core strengths. Being open source is, no doubt, one of the strongest features of the Java platform. But it can also have some consequences in the form of Java security vulnerabilities.

Some time ago, a few significant Java vulnerabilities were discussed in an article titled “Hackers Use Java to Hide Malware on the Data Center Network”.

Java Security Vulnerabilities: The Context

After a hacking attempt in US data centers, some elite software engineers identified malicious code. This code was not detected by any antivirus software, which in turn allowed hackers to bypass existing security systems.

Before you dismiss this as a minor, amateur hacking attempt, consider this: In mid-June 2020, the US Department of Homeland Security addressed this incident and warned data centers about the use of remote desktop servers by hackers to target data centers.

The attackers deployed ransomware. The issue could not be resolved by restoring data from backup storage, according to the Cybersecurity and Infrastructure Security Agency.

Java vulnerabilities came into the spotlight when it was discovered that some attackers were, in fact, Java coders. To keep their malware obscure, they wrote it in Java.

The attackers used Java because typical antivirus software does not usually scan for the Java format that was used. This was confirmed by researchers at BlackBerry and KPMG’s UK Cyber Response Services. They explained that the antivirus software does not see the Java code format as an executable file. This was a system/Java vulnerability that the attackers exploited.

The Infamous Malware: Java Vulnerabilities In The Spotlight

Why wasn’t a core Java security vulnerability detected? The malware was not detected because it used the Java image format to deploy ransomware on both Windows and Linux servers within the data centers.

The Java image format is generally used internally among Java coders just to share some code modules or functionalities. One may say it is like an ‘informal’ format that is not even properly documented.
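The passage above turns on a file type that scanners did not recognize. As an added example (not code from the article or the researchers it cites), this Python sketch identifies Java runtime image (JIMAGE) files by the header magic `0xCAFEDADA` defined in the JDK's `jdk.internal.jimage.ImageHeader` and reports any that sit outside an approved list of Java installations; the function names, the allowlist approach and the sample header are assumptions made for illustration.

```python
import os
import struct

JIMAGE_MAGIC = 0xCAFEDADA  # magic constant in the JDK's jdk.internal.jimage.ImageHeader
HEADER_SIZE = 28           # seven unsigned 32-bit fields

# Constructed sample header (not taken from any real file): little-endian, version 1.0
SAMPLE_HEADER = struct.pack("<7I", JIMAGE_MAGIC, 1 << 16, 0, 3, 4, 64, 128)


def parse_jimage_header(data):
    """Return header fields if data starts with a JIMAGE header, else None."""
    if len(data) < HEADER_SIZE:
        return None
    # An image can be written in either byte order, so try both.
    for order, label in (("<", "little"), (">", "big")):
        magic, version, _flags, resources, _tbl, _loc, _strs = struct.unpack(
            order + "7I", data[:HEADER_SIZE])
        if magic == JIMAGE_MAGIC:
            return {"byte_order": label, "major": version >> 16,
                    "minor": version & 0xFFFF, "resources": resources}
    return None


def find_unapproved_jimages(scan_root, approved_java_homes):
    """List JIMAGE files under scan_root that sit outside approved Java installs."""
    approved = [os.path.realpath(p) + os.sep for p in approved_java_homes]
    findings = []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            path = os.path.realpath(os.path.join(dirpath, name))
            try:
                with open(path, "rb") as fh:
                    header = parse_jimage_header(fh.read(HEADER_SIZE))
            except OSError:
                continue  # unreadable file, nothing to classify
            if header and not any(path.startswith(a) for a in approved):
                findings.append((path, header))
    return sorted(findings, key=lambda item: item[0])
```

A hit is a lead for review rather than a verdict: any legitimately bundled Java runtime will also match until its install directory is added to the approved list.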

This approach confirms that some top software developers were involved. To penetrate a system this way would mean possessing some insights into Java security vulnerabilities, or in this case, one core Java vulnerability.

The discovery astonished top developers outside the top talent community. For many, this was the first time they had heard of malware being constructed via the Java image format.

A Java Security Vulnerability With A Stroke Of Genius

What made this evil attack a perverse act of genius? Java SE is commonly used in various enterprises, and many data centers are programmed on Java, which allows attackers to easily bypass security controls.

Interestingly, the malware was created as a part of a bigger plan. The attackers aimed to manipulate the company’s:

  • servers
  • basic operations, and to
  • create as much irreversible damage as possible

Once the Java security vulnerabilities were fully taken advantage of, the company (or companies) would be forced to surrender and pay ransom.

Previous versions of this malware had weaknesses of their own. So, some elite software engineers successfully released a tool to help affected data centers. Using this tool, companies were able to decrypt their data and retrieve it, as confirmed by the VP of Guard Services at BlackBerry. Unfortunately, the attackers struck back with an updated version of the malware, removing the weakness. This time there was no way to stay resilient in the face of this Java security vulnerability.

How Will Developers Be Affected By This Java Security Vulnerability?

This could be a big blow for the Java Programming Language and the Java Community at large.

Many companies may start considering a shift from Java to a non-open-source platform, even if they were not affected by the attack. Eric Milam, a Senior Cybersecurity Executive, has suggested that data center managers should not wait for antivirus manufacturing companies to come up with a solution to detect such malware (or future Java security vulnerabilities). They should immediately upgrade to a platform with a better detection system.

While attacks as sophisticated as these are few and far between, they tend to project Java security vulnerabilities in a most unflattering light. The more persistent such news becomes, the more likely it is that business users in general will shift from Java and other open-source platforms.

Were Java Security Vulnerabilities Made Worse By The Pandemic?

In the wake of the COVID-19 pandemic, many organizations have permitted remote work for their teams. Many of these organizations have been increasing the use of remote access solutions for all operations. This includes:

  • Remote desktop protocol servers
  • Virtual network computing servers and
  • Commercial remote desktops

The problem is not the access, but its unqualified, unrestricted use.

Many tools are rolled out very urgently, without ensuring compliance with agreed protocols and security SOPs. Sometimes business operability is at stake. In other cases, it’s plain oversight. In a scenario similar to the one here, the lack of enforcement allowed attackers to gain easy access to the Remote Desktop Protocol servers that were connected to all servers in the data center. (While this is not a ‘Java security vulnerability’, it is worth pointing out that the attackers defeated the first line of defense by acquiring stolen employee credentials, probably through phishing or pharming attacks.)

Could You Be Underestimating Java Security Vulnerabilities? Protective Measures

The data center managers were not alone. Security vulnerabilities have been highlighted as a top risk by multiple platforms. Cybersecurity will continue to feature as a top priority.

So what can businesses do to safeguard themselves from having Java security vulnerabilities exploited, or otherwise?

Adding authentication features (such as multi-factor authentication) on all remote desktop servers is one safeguard security personnel can implement. It is a basic security measure. In fact, many security systems with sensitive data already use it.

The advantage of multi-factor authentication is this: Even if attackers acquire employee usernames and passwords, they will still not be able to access accounts due to the requirement of additional information such as an OTP sent to the user’s mobile number.

Another measure suggested by security experts was data center segmentation. How does segmentation help? If there is an attack through a remote desktop server, attackers will not be able to access the remaining data center servers.

A third solution security experts propose is attack prevention by monitoring login attempts and credentials. Often, attackers attempt to penetrate a system by using stolen credentials, or by experimenting with pairing employee IDs (email addresses) with commonly used passwords. By detecting patterns or frequency in login attempts and corresponding credential trials, the business will be forewarned of an imminent attack and can protect itself.
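The login monitoring described above can be sketched as follows. This is an added example, not code from the article or from any vendor: it flags a source address that fails logins against many distinct accounts inside a time window, and escalates when that same source then logs in successfully; the log format, thresholds and function names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: ISO timestamp, source IP, account, outcome (OK or FAIL)
SAMPLE_LOG = """\
2020-06-15T09:00:05 203.0.113.7 alice@example.com FAIL
2020-06-15T09:00:40 198.51.100.20 bob@example.com FAIL
2020-06-15T09:00:52 198.51.100.20 bob@example.com OK
2020-06-15T09:01:10 203.0.113.7 bob@example.com FAIL
2020-06-15T09:02:15 203.0.113.7 carol@example.com FAIL
2020-06-15T09:03:20 203.0.113.7 dave@example.com FAIL
2020-06-15T09:04:25 203.0.113.7 erin@example.com OK
"""


def parse(line):
    ts, src, user, outcome = line.split()
    return datetime.fromisoformat(ts), src, user.lower(), outcome == "OK"


def detect(lines, window=timedelta(minutes=10), min_accounts=4):
    """Return alerts for sources that fail against many accounts within window."""
    failures = defaultdict(deque)  # source IP -> recent (time, account) failures
    alerts, seen = [], set()
    for ts, src, user, ok in sorted(parse(l) for l in lines if l.strip()):
        recent = failures[src]
        while recent and ts - recent[0][0] > window:
            recent.popleft()  # forget failures older than the window
        accounts = {account for _, account in recent}
        if ok:
            # A success from a source that is currently spraying is the urgent case.
            if len(accounts) >= min_accounts:
                alerts.append(("success_after_spray", src, user))
            continue
        recent.append((ts, user))
        accounts.add(user)
        if len(accounts) >= min_accounts and src not in seen:
            seen.add(src)  # one spray alert per source
            alerts.append(("spray", src, len(accounts)))
    return alerts
```

A slow attempt that stays under the window is missed by design, so the window and threshold need tuning against the organization's normal failure rate.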

What Should Developers Do To Fight Java Security Vulnerabilities?

In this scenario, the Java community should come into action. Top developers within the Java community should come up with a solution to preemptively detect this malware. Or they should collaborate with researchers (such as those from BlackBerry and KPMG’s UK Cyber Response Services) to gain a more comprehensive understanding of Java security vulnerabilities and their business impact. We are confident that, with the right tech talent, even the most severe Java vulnerability can be defeated.



author

shaharyar-lalani

Shaharyar Lalani is a developer with a strong interest in business analysis, project management, and UX design. He writes and teaches extensively on themes current in the world of web and app development, especially in Java technology.
