Explainer | What is Log4j aka Log4Shell and what you can do till it is fixed

Log4Shell allows threat actors remote access to your network

Cybersecurity firm Check Point Research have said that they noticed attempted exploits of the newly discovered Log4J vulnerability on more than 44% of corporate networks worldwide.

Worse, experts are of the opinion that the vulnerability could allow attackers to steal data. What many have described as the most critical vulnerability of the last decade, has taken over the internet by storm.

The exchange of data is commonplace on the internet. Servers talk to one another all the time, whether to help you buy something you like by validating transactions, or cross-checking your credentials when you log in to a service.

Log4J is a logging utility built for the Java programming language, so if your organisation uses something that runs on Java, chances are they are using the Log4J library. Here is the scary part, Java is commonplace on thousands of different services and platforms.

These include technology heavyweights like Google, Apple, LinkedIn, Twitter, Amazon, even gaming clients like Steam. This vulnerability puts them all at risk of losing data or exploits that let hackers control these systems.

It also allows remote execution over a network, which means a hacker can simply run a task and install spyware or ransomware on to an unsuspecting network.

As we continue to monitor threats taking advantage of the CVE-2021-44228 Log4j 2 vulnerability, we’re seeing activity ranging from experimentation to exploitation from multiple groups, including nation-state actors and access brokers linked to ransomware: https://t.co/WWSxGvaiDy

— Microsoft Security Intelligence (@MsftSecIntel) December 15, 2021

Also read: Log4j vulnerability affecting iCloud, Steam, Minecraft discovered; US govt issues warning

Improper Input Validation. Think of it like placing too much trust on someone, so much that you open yourself up to potential attacks.

An attacker will supply tampered data that will show up in the logs of a network. This data is the ticking time-bomb that will allow the hacker to infiltrate the server on which the logging takes places on.

Once under his control, he can simply run commands and execute malicious software in the background or gain access to a data server, from which he can steal information.

Worse, the hacker not only sends the initial data attack on the logs but he can also choose the format and the content of that data, if required.

The hacker can also trick Java into accepting an unknown connection from a remote network. Threat actors only need to know the correct format for the logs they send, and once executed, they can simply replace the target of the data a server generates.

This means transactions, login credentials, user input data will all be sent to a server that is outside of your network. Conversely, this can also be used to run malicious code remotely on your network.

Also Read: Cybersecurity firms in a tizzy over Log4j; here's why businesses, consumers should be worried

Cybersecurity companies and Java is already on the job, and are releasing patches to fix the vulnerability as quickly as they can.

As a network administrator, it is top priority that you patch all the servers post haste with the latest patches but if you are in a situation where you can't patch a system, then check your IPS rules, Firewall rules and filter any CVE-2021-4428 data from outside.

“As fixing and deploying cloud applications can be fast, updating libraries that use Log4J can break functionality unless done with caution," says (via Help net security) Micheal Assraf, CEO of vulnerability remediation company Vicarius.

"The most problematic fixes are internally deployed software, which will have to wait for a vendor update or a security patch, in that scenario customers are advised to wait on further vendor guidance and as of right now are helpless in reacting. Examples include: Elasticsearch, Intellij IDE, Jira Confluence, Apache Tomcat, Minecraft, Apache Hadoop, Eclipse IDE, and many more,” adds Assraf.