Log4j: A Critical Vulnerability Affecting Millions of User Devices

Boons come along with banes and one cannot deny the reality that the cyber-world will always be vulnerable to the risks and dangers posed by advancements in technology.

Exploits, malicious attacks, data thefts, and dangers are a part of cyberspace and are increasingly becoming prevalent. A recent example of this is proved by a critical vulnerability, Log4jShell, found in the Apache Log4j tool that has adversely affected millions of computer devices.

Apache Log4j is a logging library that is used to save and record information in Java-based applications, including web apps.

Log4j is used globally across online services and software applications and as it requires very little expertise to exploit, the Apache log4j vulnerability has become one of the most severe computer risks that can compromise the security of data in all those devices that make use of this open-source logging library.

The log4j Vulnerability Exploit

The recently discovered log4j critical vulnerability is rated 10 on the CVSS scale, indicating the highest severity, and possibly leading to remote code execution on the servers using vulnerable software systems.

The exploit for the log4j security vulnerability, named CVE-2021-44228, was published on December 9, 2021, making it a ‘zero-day’ vulnerability.

An attacker simply needs to cause the application to save a special character or a string in the log to exploit the vulnerability and be successful in his criminal deeds. And as users play a key role in logging messages, information (sent or received), and system errors, they must be aware of computer activities being executed from the security point of view.

“As the Log4jShell vulnerability can be easily triggered in a variety of ways and the use of Java and its packages is widespread, it has become a serious vulnerability that needs an immediate cure.”

https://twitter.com/MalwareTechBlog/status/1469289471463944198

How?

The exploit took the ground as it requires no authentication and a malicious attacker can control the log message parameters or execute code from LDAP servers on enabling lookup substitution.

“The Log4j processor handles the log messages. If a cybercriminal sends a specially crafted message, they could remotely execute code. This vulnerability could be actively running.”

Furthermore, what makes it easy and certainly possible for the vulnerability to get exploited is the acceptance of user requests (that may include a specially crafted input) to be logged into the Log4j library.

As different applications have different ways to accept user input, the malware injection becomes effortless for hackers, making the exploitation trivial.

The Impact: Worldwide

Apart from Java-based applications, the other Java components and development frameworks are at risk due to this exploit that relies on Apache Druid, Apache Kafka, Apache Solr, Apache Flink, Apache Struts2, and many others.

17000 packages were affected by the Log4j-core that forms 4% of the ecosystem. Next, this widespread vulnerability accounted for 8% of the Maven Central repository.

One log4j vulnerability example is the popular attack on Minecraft servers, which has been witnessed by the world where these servers were hacked using a simple message in the game’s chat. The bad actors took control of the player’s computers and held the brand’s server hostage.

The Solution

While this vulnerability exposure has left IT experts and businesses in shock, there are a few tips to consider while the exact fix of the Log4jShell is found. To be on the safer side, it is highly recommended to get the software systems, applications, and products updated to the latest version of the Log4j library.

Next, users must be strenuously careful about any tricky messages or unusual activities and messages being received in the products or applications as this vulnerability is at a high probability to get exploited once the user requests are accepted to be logged in the library that contains the bad code.

Additionally, check if the vendor or provider has shared any advisories regarding the threat. Run robust antivirus systems, use long-form complex passwords (and manage them through a password manager) and be aware of what is presented to you via your computer or other devices.

[Update 12/15/2021]:
The Log4j team has released version 2.16.0 as version 2.15.0 did not fully address the vulnerability, which could allow an attacker to cause a denial of service.

[Update 12/20/2021]:
The Log4j team has released a new version 2.17 that addresses the high severity vulnerability, mitigation measures can also be used.

For versions before 2.10, this can be mitigated (to an extent) by setting the system property log4j2.formatMsgNoLookups = true

Is Your Business Prepared to Fight the Cyber Vulnerabilities?

The web world is full of risks and threats that pose hefty dangers to an organization’s crucial data and its security posture. Now and then, hackers are up with finding and implementing new ways of attacking a business’s IT network with an all-new intrusion.

CodeGlo’s IT Security Experts make sure that your valuable business data doesn’t become vulnerable and keep you updated with the latest vulnerabilities and security measures to adopt to stay aware and prepared for combat.