Incredibly screwed. The log4j exploit is a 10/10 on the common vulnerability scoring system. I.e. time to care. gizmodo.com/log4j-just-how…
"Apache’s log4j, is a free and open-source logging library that droves of companies use. It's free and widely trusted, companies large and small have been employing it for all kinds of stuff. The irony, of course, is that this bug-checking tool now has a bug"
"afflicted include big names like Apple, Twitter, Amazon, LinkedIn, CloudFlare. Cloud computing firm VMWare, for instance, reports that 44 of its products are impacted. Networking giant Cisco says that 35 of its tools are vulnerable"
"So, that’s the bad news. The good news? JK, there isn’t any good news. Instead, there’s more bad news: This gaping vulnerability is already seeing mass exploitation attempts by hordes of cybercriminals."
"most criminals appear to have found out about the log4j vuln at the same time as everybody else. Thus, exploitation attempts on vulnerable systems and platforms have increased exponentially since last week"
"Dec 10th saw 1000s of attack attempts, rising to over 40,000 Dec 11th. 24h after the outbreak we recorded 200,000 attempts of attack.
As of the time these lines are written, 72 hours post initial outbreak, the number hit over 800,000 attacks"
“We’re seeing >1,000 attempted exploits per second. And payloads getting scarier. Ransomware payloads started in force in last 24 hours”
"If you’re a casual web user, the only thing you can really do at this point is to update your devices and applications when prompted and hope that the platforms you’re relying on are speedy enough to identify the vulnerabilities, conjure up patches, and push out updates"
What do I mean by Russia's best bet? As put by Chief of General Staff Gerasimov:
“information resources have become one of the most effective weapons. Their wide use allows in a few days to shake the situation in the country from within”
Or by Colonel General Zarudnitsky, head of the Military Academy:
“undoubtedly, the psychological weapon is the weapon of tomorrow”
The Russian security council just published their new National Security Strategy.
Here coms some reactions, questions-disguised-as-comments, guesstimates and other good stuff -->
1. RU is fearing the West for protecting their hegemony through aggravating Russian internal stability, destroying their economy, and traditional values.
All of this is known materia, but important to emphasize that RU internal problems are constructed as foreign efforts.
2. In this, however, the Kremlin are apparently feeling that they're doing well. They assert that "social cohesion is increasing" but that the increasingly need to protect moral values and social activity.