Cybersecurity Threat: “Log4Shell Vulnerability” Explained

On 10th December 2021, a critical software vulnerability identified as CVE-2021-44228 was uncovered as a serious cyber security threat. This vulnerability, better known as the “Log4Shell” vulnerability, spread at an alarming rate, causing various companies, products, and systems around the world to be affected.

Applications and products that use Java will commonly use the Log4j library to create log entries. If a device is running certain versions of Log4j 2, this Log4Shell vulnerability will enable cyber-attackers to remotely take control of that device.

In this article, we’ll share some quick facts and what you need to know about this cyber security threat – the Log4Shell vulnerability.

What is Log4Shell?

Log4Shell is a serious cyber security threat that is currently being exploited by executing ransomware or cryptocurrency miners through Apache Log4j 2, a common library for logging error messages in Java-based applications and products.

The Log4Shell vulnerability was given the highest-level severity score – a CVSS score of 10 out of 10 – by the Apache Software Foundation (publisher of the Log4j 2 library). This is due to the vulnerability’s potential for widespread exploitation and how easily malicious cyber-attackers can misuse it.

How Does the Log4Shell Vulnerability Cause Damage?

This cyber security threat is particularly concerning because the Log4j library is largely used in numerous applications and infrastructure by many organizations and businesses worldwide, either directly or indirectly (through a third-party). This massive usage of Log4j includes some of the more popular software applications delivered by tech giants like Apple, Google, Microsoft, and many more.

The Log4j 2 library communicates with various sources and internal directory services. This creates vulnerable access points for cyber-attackers to enter. Once these access points are breached, the cyber-attackers can then:

  • Remotely access the entire network or system.
  • Take broad control of compromised networks or systems.
  • Input any commands to trigger a force download and execute dangerous codes from malicious sources.
  • Install and execute ransomware.
  • Remotely access any files and data.
  • Steal system credentials.
  • Exfiltrate, delete or encrypt any files and data.

The way these cyber-attackers exploit this Log4Shell vulnerability depends on the specifications of the targeted or affected systems. Reports by Microsoft have shown that many malicious activities have been targeted towards systems secured by fingerprint authentication.

As the list of affected companies and products continues to grow, so do the possibilities for malicious activities caused by exploiting this Log4Shell vulnerability. Much like a burglar who has keys to the front door of your house and the combination to the safe inside, cyber-attackers can readily execute any codes or commands on the compromised systems, gaining full access to the system and all the files and data in it. A serious cyber security threat to deal with.

What Devices & Applications are Vulnerable?

Laptops, desktops, and mobile devices that are running Log4j within their systems may be vulnerable, but they are not generally at risk of the Log4Shell vulnerability. The most susceptible systems and services targeted by cyber-attackers are servers, web-based applications and internet-facing services that are running Apache Log4j versions 2.0 to 2.14.1.

Today, technology companies known to be affected by this cyber security threat include Amazon, Apple, Checkpoint, Cisco, Citrix, CloudFlare, Google, IBM, Juniper, Kaseya, Microsoft Azure, Okta, Palo Alto Networks, Solarwinds, and VMware.

How Can You Mitigate This Cyber Security Threat?

Software applications are composed of microservices and other third-party components which are also composed of their own smaller third-party components. Due to this advanced software architecture, without the proper expertise, it is almost impossible to determine which applications are affected by the Log4Shell vulnerability.

For the tech-savvy guys who prefer to dabble, here are some quick fixes that can be done:

  1. Apply patches to any internet-accessible systems.
  2. If there are no patches available now, immediately remove the systems from the internet (but do proceed with caution).
  3. Identify the affected systems (which can be a rather tedious and thorough process).

 

Alternatively, a safer, more convenient, and worry-free solution to mitigating the Log4Shell cyber security threat is to seek help from a good cyber security company. Read our article on A Complete Guide To Managed Cyber Security Services to find out more about what cyber security service providers can do for you.

Cyber Security Solutions & Services Provider – Adventus

Adventus is a top Cyber Security Solutions & Services Provider with our own Security Operations Centre (SOC). Our efficient SOC team is diligently monitoring, detecting, and responding to any cyber security risks or threats in our customers’ environments.

In the case of this Log4Shell vulnerability, Adventus can help by performing a thorough scan of your IT environment to identify this cyber security threat, and recommending the best course of action to mitigate the risks. Get in touch with us now to better detect, prevent and eliminate your company’s exposure to cyber security threats like Log4Shell.

Recent Posts

Contact Us

Speak to us about your IT needs

Schedule an Appointment

Consult with our Enterprise Account Managers and Specialists