A critical security vulnerability found in software widely used in most Internet servers has raised alarms among cybersecurity experts and pushed major corporations to address a flaw that hackers were actively using to try to breach networks. On the 9th of December 2021, many media outlets reported that a remote code execution (RCE) vulnerability had been found in a Java-based open-source logging library known as ‘Log4j’, developed by the Apache Foundation. There were several reports from November 2021 indicating that hackers might begin exploiting the flaw, but the issue only came to light around mid-December.
Log4j is used by many large organizations, including Apple’s cloud computing service, security firm Cloudflare, one of the world’s most popular video games, Minecraft, and IBM, Oracle, Cisco, Google, Amazon and more, to configure their applications. Hackers can exploit the vulnerability to gain access to an organization’s computer server relatively easily. After that, attackers could devise other ways to break into an organization’s network. The situation escalated when a tool for exploiting the Log4j vulnerability was released publicly on GitHub, a software repository. That provided malicious hackers with a potential roadmap for exploiting the vulnerability to compromise devices.
So, what is Log4j? What does Log4j do? How does the Log4j vulnerability work? Why is Log4Shell so dangerous? What can you do to protect yourself from the Log4j Log4Shell issue? In this blog, we present information about the Log4j vulnerability and the things you need to know.
What is Log4j?
What does Log4j do?
Why is Log4Shell so dangerous?
- The vulnerability is trivial to exploit, with dozens of weaponized exploits available on GitHub and elsewhere.
- Log4j is one of the most prominent and prevalent Java logging frameworks. Almost 7,000 Maven artifacts rely on log4j-core (the vulnerable artifact), and countless Java projects use it.
- An attacker can exploit this vulnerability by bombarding random HTTP servers with requests; alternatively, an attacker can brute-force a specific web app by filling all available HTML input fields with a payload string, using automated tools such as XSStrike.
- Even though the vulnerability is context-dependent, since arbitrary user input must reach one of Log4j’s logging functions, this is an extremely common scenario. Most logging scenarios contain user input as part of the log message. Since such input is considered very safe, it is rarely sanitized.
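Because so many artifacts depend on log4j-core, a copy is often buried inside another archive rather than sitting in plain view. The following Python code is an added example, not part of the original article or of any vendor tool: it lists every log4j-core copy inside a JAR/WAR/EAR, nested archives included, by reading the pom.properties metadata that Maven builds embed. The sample archive, the function names and the minimum version shown are constructed placeholders.

```python
import io
import re
import zipfile

# Metadata file that Maven-built log4j-core JARs carry; it records the version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def find_log4j_core(data, name):
    """Return [(location, version)] for each log4j-core copy in archive bytes,
    descending into nested archives (fat JARs, WARs with WEB-INF/lib)."""
    found = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found  # not a readable archive, nothing to report
    with zf:
        for entry in zf.namelist():
            if entry == POM_PROPS:
                text = zf.read(entry).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", text, re.MULTILINE)
                found.append((name, m.group(1).strip() if m else "unknown"))
            elif entry.lower().endswith(ARCHIVE_EXT):
                found += find_log4j_core(zf.read(entry), f"{name}!/{entry}")
    return found

def is_below(version, minimum):
    """True if `version` is older than the (major, minor, patch) `minimum`.
    Unparseable versions return True so they get a manual review."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return True
    return tuple(int(n or 0) for n in m.groups()) < minimum

def _make_archive(files):
    """Build an in-memory archive from {entry_name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in files.items():
            zf.writestr(entry, content)
    return buf.getvalue()

# Constructed sample: an application JAR bundling a log4j-core copy.
_core = _make_archive({POM_PROPS: b"artifactId=log4j-core\nversion=2.10.0\n"})
SAMPLE_APP = _make_archive({"BOOT-INF/lib/log4j-core-2.10.0.jar": _core,
                            "com/example/App.class": b""})
POLICY_MIN = (2, 99, 0)  # placeholder, not a real release: use the fixed version from the vendor advisory

if __name__ == "__main__":
    for where, ver in find_log4j_core(SAMPLE_APP, "app.jar"):
        print(where, ver, "UPGRADE" if is_below(ver, POLICY_MIN) else "ok")
```

To scan a real deployment, read each archive from disk and pass its bytes and path to find_log4j_core; copies whose metadata was stripped during repackaging will not be reported.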
Are hackers already taking advantage of it?
Check Point, a cyber-security software company, reported in a blog post that hackers sent out 60 variations of the original exploit in 24 hours. The exploit has already been used to breach nearly half of all corporate networks around the world, according to Check Point.
Furthermore, cybersecurity company Akamai Technologies Inc. reported in its blog post “Threat Intelligence on Log4j CVE” that across the Akamai network, it has witnessed traffic from 1.3 billion unique devices daily, with a record traffic of 182 Tbps. Akamai reports that hackers are targeting retail more than any other sector, and a number of attacks have also targeted the technology, financial services, and manufacturing industries. Microsoft confirms it has observed several threat actors exploiting the CVE-2021-44228 vulnerability. Cybersecurity firm Sophos reported that this vulnerability was also being exploited for crypto mining purposes.
What can you do to protect yourself from the Log4j Log4Shell issue?
How are tech companies trying to address the Log4j issue?
Vendors with vulnerable versions of Log4j have taken significant steps to eliminate this risk by developing workarounds, patches and updating their products.
Defend your enterprise network against sophisticated cyber-attacks with Sparity’s most advanced security, real-time prevention, and the world’s most advanced security gateways. Sparity’s technical support teams are available for you 24/7 and we are all at your service to make sure you’ll stay protected.