Last Thursday, December 9th, a remote code execution vulnerability was discovered in the Apache Log4j 2 Java library. This vulnerability puts any Java-based application or service at risk.
As cybersecurity teams know, threat actors are constantly scanning the internet for vulnerable systems they can exploit and take control of.
Any company that doesn’t take care of the zero-day vulnerability dubbed Log4Shell or LogJam will be vulnerable to attackers obtaining access to their systems.
The zero-day vulnerability lets attackers control the content of log messages and execute code, which means cyber criminals can place malware on your server through remote code execution (RCE) if your application runs a vulnerable version of Log4j.
Beyond the initial exploitation attempts, new variants of the exploit have also appeared, giving cyber criminals hundreds of alternative ways to use the vulnerability to their advantage.
One of the ways cyber criminals are leveraging the Log4j vulnerability is installing cryptocurrency-mining malware on Microsoft servers that are unpatched.
Cybersecurity Checklist For Log4j Vulnerability
Update your Log4j library now.
- Upgrade every application and service that uses Log4j to the newest version, 2.15.0 – https://logging.apache.org/log4j/2.x/download.html, which patches the vulnerability.
- If you are not able to upgrade your systems, set the MsgNoLookups attribute to “True” on versions 2.10 or higher, which disables lookups in log event messages so attackers cannot trigger them.
Check for the vulnerability.
- Several Log4j detection tools have been developed since the exploit came to light. Open-source tools and recommendations are easy to find within the cybersecurity community.
- This GitHub Gist collects code examples for searching logs for exploitation attempts – https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b.
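As an added example (not code from the original post or from the Apache project), the following Python script walks a directory tree for log4j-core JARs, reads the version from the Maven pom.properties inside each archive and flags anything in the 2.0 to 2.14.1 range named above. It builds its own constructed sample JARs in a temporary directory; it assumes the standard Maven metadata path and JndiLookup class path, which shaded or repackaged builds may not preserve, so those are surfaced for manual review instead.

```python
import os
import re
import tempfile
import zipfile
# Maven metadata path (carries the version) and the JNDI lookup class abused by Log4Shell.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
VULN_MIN, VULN_MAX = (2, 0, 0), (2, 14, 1)  # affected range named in the checklist

def parse_version(text):
    """'2.14.1' (a '-rc1' style suffix is ignored) -> (2, 14, 1); None if unparsable."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None

def inspect_jar(path):
    """Return the log4j-core version found in a JAR and whether it is in the affected range."""
    info = {"path": path, "version": None, "has_jndi_lookup": False, "vulnerable": False}
    try:
        with zipfile.ZipFile(path) as jar:
            names = set(jar.namelist())
            info["has_jndi_lookup"] = JNDI_CLASS in names
            if POM_PROPS in names:
                for line in jar.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        info["version"] = line.split("=", 1)[1].strip()
    except zipfile.BadZipFile:
        return info  # not a JAR, or corrupt: nothing to report
    ver = parse_version(info["version"] or "")
    # No readable version (shaded/repackaged JAR): fall back to the JNDI class presence for review.
    info["vulnerable"] = VULN_MIN <= ver <= VULN_MAX if ver else info["has_jndi_lookup"]
    return info

def scan_tree(root):
    """Walk a directory and return findings for every JAR/WAR/EAR that looks affected."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith((".jar", ".war", ".ear")):
                info = inspect_jar(os.path.join(dirpath, name))
                if info["vulnerable"]:
                    findings.append(info)
    return findings

def build_sample_tree():
    """Constructed sample input: one affected (2.14.1) and one patched (2.15.0) JAR."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    for version in ("2.14.1", "2.15.0"):
        with zipfile.ZipFile(os.path.join(root, f"log4j-core-{version}.jar"), "w") as jar:
            jar.writestr(POM_PROPS, f"version={version}\n")
            jar.writestr(JNDI_CLASS, b"")  # class body is irrelevant to this check
    return root
```

Run scan_tree against a real application or container image directory to list the JARs that need the upgrade; a result with no version but has_jndi_lookup set is a repackaged build that needs a manual look.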
Apache Log4j versions at risk.
- Apache Log4j versions 2.0 to 2.14.1 have the Log4j vulnerability.
Applications at risk.
- Enterprise applications, cloud services, and web applications that use the library are likely targets, since they are exposed to RCE attacks.
- Keep in mind that most Java applications use the Log4j library. This means companies can experience a cyber incident even through a non-critical or unexpected application.
Technology providers at risk.
- According to a GitHub source (https://github.com/YfryTchsGD/Log4jAttackSurface), the technology providers affected by the Log4j vulnerability are Apple, Tesla, Amazon and Cloudflare, to name a few.
- The same GitHub repository also lists the impacts of the Log4j vulnerability. So far 35 technology manufacturers and components are listed.
Log4j vulnerability critical level.
- According to the Oracle Security Alert Advisory, which reports the CVSS (v3.1) score for the Log4j vulnerability, the score is 10.0 out of 10.0, the highest criticality possible.
- The Log4j vulnerability is remotely exploitable without authentication, which means any cyber criminal on the network can reach it without login data, credentials, or any other form of authentication.
- Once threat actors gain access, they can steal data and deploy ransomware on the vulnerable system. Because millions of applications and services use the logging library, the vulnerability is that much more dangerous.
- The exploit code is also simple. A single line of code is enough to start communication between the vulnerable system and an external host, and from that moment on the cyber criminals are in.
- The 2017 Equifax data breach is a clear example of what can happen: if organizations don’t address the vulnerability sooner rather than later, there could be similar large data breaches.
If you need additional support to manage the Log4j vulnerability reach out! Our cybersecurity experts are here to help. Schedule your free consultation here: https://calendly.com/ncxgroup
Photo courtesy of alphaspirit.it