Log4j Vulnerability - Infraon

Everything we want you to realize about the impact of Log4j vulnerability

The tech industry has been scrambling to set the major security flaw in logging software to rights. The Apache Log4j vulnerability caught security teams across the globe entirely off guard. This vulnerability is easy to exploit, giving the threat actors a simple way to control Java-based web servers and launch code execution attacks. Log4j is a Java logging library with over 400,000 downloads from its GitHub project. The Log4j library is embedded in most of the applications or Internet services, including Microsoft, Minecraft, Amazon, Twitter, and many more. And new variations of the original exploit have also been seen – more than 60 of them within 24 hours. 

While the first attack was seen coming from Minecraft, where threat actors took over the game’s servers before Microsoft could patch the problem. According to findings, the bug is considered a zero-day vulnerability. It means that the industry did not have a patch ahead of an exploit. Seen as one of the worst vulnerabilities on the Internet, the potential for damage is incalculable. It emerged as one of the most urgent challenges for cyber security firms.

Who is affected by Log4j?

The most affected are those who use the Log4j logging library in open-source software or any enterprise. Since the logging library is free, it is highly popular. Unfortunately, the trade-off for being free is that only a few people maintain it. So, the companies affected by the exploit have to manage the patch fixing themselves. Advisories came from companies such as AWS, Oracle, IBM, Microsoft, etc., alerting their customers to the bug and the progress of developing patches. 

Typically, devices using a web server like smart TVs, security cameras may be using Apache. Some of them are still in the warehouse and unconnected to the Internet. These devices do not get security updates, and it is when they are connected, they become vulnerable to attack. 

Is the Log4j vulnerability a big deal?

It is a huge deal because the vulnerability can open up a host of possibilities for security compromises if exploited. So far, the activity detected by the CISA has been low level and mostly involved crypto mining. Crypto mining or cryptojacking gives control to hackers as they can take over the target computer with malware and mine them for cryptocurrencies. 

Another potential impact will be the remote employees working from home as company data may become compromised if personal devices are used. Additionally, with the holiday season, there may not be enough workforce to respond to serious cyber-attacks. 

Log4j has become known as the worst hack in history. However, the impact can be less severe if companies work quickly and roll out patches to cut down on potential problems. With the drastic effect Log4j is having on our software applications, customers may begin to reconsider using free software on their devices. At this time, cybersecurity experts have been working to patch the first attack – CVE-2021-44228. 

But, on Tuesday, 14.12.2021, a second vulnerability came to light, instilling new concerns about attackers crafting malicious data input using a JNDI Lookup pattern. Apache has immediately released another patch – Log4j 2.16.0 – to resolve the second vulnerability.

Can the impact of Log4j be mitigated?

Apache continues to work on the problem, and security firms are handing out instructions on administering the fix. This fix involves disabling JNDI functionality by default or removing support for message lookup patterns. With over a dozen groups in various parts of the world exploiting these vulnerabilities, immediate action becomes urgent. Companies must use either patch, remove JNDI by default, or take it out of the class path. Even better would be to take all three steps.

International security companies have been monitoring the exploitation and finding that the volume of detections indicates that it is a large-scale problem. Too many enterprises are experiencing the impact as attackers are targeting physical servers, IP cameras, manufacturing devices, and virtual servers. Even attendance systems have not been left untouched. 

To conclude

Cyber security companies are working hard to alert their customers and provide mitigation instructions. While the fallout from the Log4j vulnerability is still being seen and could worsen, security firms are ensuring patches and updates are being rolled out to protect their customers’ environment. 

Leave a Reply

Your email address will not be published. Required fields are marked *