On 10th December 2021, a critical software vulnerability identified as CVE-2021-44228 was uncovered as a serious cyber security threat. This vulnerability, better known as the “Log4Shell” vulnerability, spread at an alarming rate, causing various companies, products, and systems around the world to be affected.
Applications and products that use Java will commonly use the Log4j library to create log entries. If a device is running certain versions of Log4j 2, this Log4Shell vulnerability will enable cyber-attackers to remotely take control of that device.
In this article, we’ll share some quick facts and what you need to know about this cyber security threat – the Log4Shell vulnerability.
Log4Shell is a serious cyber security threat that is currently being exploited to run ransomware or cryptocurrency miners through Apache Log4j 2, a common library for logging error messages in Java-based applications and products.
The Log4Shell vulnerability was given the highest-level severity score – a CVSS score of 10 out of 10 – by the Apache Software Foundation (publisher of the Log4j 2 library). This is due to the vulnerability’s potential for widespread exploitation and how easily malicious cyber-attackers can misuse it.
This cyber security threat is particularly concerning because the Log4j library is widely used in applications and infrastructure by many organizations and businesses worldwide, either directly or indirectly (through a third party). This massive usage of Log4j includes some of the more popular software applications delivered by tech giants like Apple, Google, Microsoft, and many more.
The Log4j 2 library communicates with various sources and internal directory services. This creates vulnerable access points for cyber-attackers to enter. Once these access points are breached, the cyber-attackers can then:
The way these cyber-attackers exploit this Log4Shell vulnerability depends on the specifications of the targeted or affected systems. Reports by Microsoft have shown that many malicious activities have been targeted towards systems secured by fingerprint authentication.
As the list of affected companies and products continues to grow, so do the possibilities for malicious activities caused by exploiting this Log4Shell vulnerability. Much like a burglar who has keys to the front door of your house and the combination to the safe inside, cyber-attackers can readily execute any code or commands on the compromised systems, gaining full access to the system and all the files and data in it. This is a serious cyber security threat to deal with.
Laptops, desktops, and mobile devices that are running Log4j within their systems may be vulnerable, but they are not generally at risk from the Log4Shell vulnerability. The systems and services most often targeted by cyber-attackers are servers, web-based applications and internet-facing services that are running Apache Log4j versions 2.0 to 2.14.1.
Today, technology companies known to be affected by this cyber security threat include Amazon, Apple, Check Point, Cisco, Citrix, Cloudflare, Google, IBM, Juniper, Kaseya, Microsoft Azure, Okta, Palo Alto Networks, SolarWinds, and VMware.
Software applications are composed of microservices and other third-party components which are also composed of their own smaller third-party components. Due to this advanced software architecture, without the proper expertise, it is almost impossible to determine which applications are affected by the Log4Shell vulnerability.
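The difficulty described above, third-party components that bundle their own copies of Log4j, can be approached by unpacking archives recursively and reading each copy's version. The following is an added example, not code from this article or from Apache: it assumes each log4j-core copy still carries its usual Maven `pom.properties` entry, applies the 2.0 to 2.14.1 range stated above, and runs on a constructed in-memory sample; `parse_version`, `scan_archive` and `make_zip` are hypothetical helper names.

```python
import io
import zipfile

# Maven metadata entry carried inside log4j-core JARs (assumed to be present).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear", ".zip")
LOW, HIGH = (2, 0, 0), (2, 14, 1)  # affected range as given in this article

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); a suffix such as '-beta9' is ignored."""
    nums = [int(p) for p in text.split("-")[0].split(".") if p.isdigit()]
    return tuple((nums + [0, 0, 0])[:3])

def scan_archive(data, label, depth=0, max_depth=5):
    """Return [(location, version, affected)], descending into nested archives."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an archive despite its extension
    with zf:
        for name in zf.namelist():
            if name.endswith(POM):
                text = zf.read(name).decode("utf-8", "replace")
                props = dict(l.split("=", 1) for l in text.splitlines()
                             if "=" in l and not l.startswith("#"))
                version = props.get("version", "").strip()
                if version:
                    affected = LOW <= parse_version(version) <= HIGH
                    findings.append((label, version, affected))
            elif name.lower().endswith(ARCHIVES) and depth < max_depth:
                findings += scan_archive(zf.read(name), f"{label}!/{name}",
                                         depth + 1, max_depth)
    return findings

def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: a web app bundling an in-range copy and an out-of-range copy.
old = make_zip({POM: b"#Generated\nversion=2.14.1\ngroupId=org.apache.logging.log4j\n"})
new = make_zip({POM: b"version=2.17.1\n"})
SAMPLE_WAR = make_zip({"WEB-INF/lib/log4j-core-2.14.1.jar": old,
                       "WEB-INF/lib/vendor-sdk.jar": make_zip({"lib/log4j-core.jar": new})})
print(*scan_archive(SAMPLE_WAR, "app.war"), sep="\n")
```

A copy that was repackaged without its Maven metadata will not be found this way, so an empty result is not proof of absence.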
For the tech-savvy guys who prefer to dabble, here are some quick fixes that can be done:
Alternatively, a safer, more convenient, and worry-free solution to mitigating the Log4Shell cyber security threat is to seek help from a good cyber security company. Read our article on A Complete Guide To Managed Cyber Security Services to find out more about what cyber security service providers can do for you.
Adventus is a top Cyber Security Solutions & Services Provider with our own Security Operations Centre (SOC). Our efficient SOC team is diligently monitoring, detecting, and responding to any cyber security risks or threats in our customers’ environments.
In the case of this Log4Shell vulnerability, Adventus can help by performing a thorough scan of your IT environment to identify this cyber security threat, and recommending the best course of action to mitigate the risks. Get in touch with us now to better detect, prevent and eliminate your company’s exposure to cyber security threats like Log4Shell.