Nightmare Before Christmas – Curated Intel’s Response To Log4Shell


Late on Thursday, 9 December, security researchers warned of a critical vulnerability with wide ramifications. With a CVSS score of 10.0 (Critical), CVE-2021-44228 is a remote code execution (RCE) vulnerability, dubbed Log4Shell. It lies in the Apache Log4j library, a Java-based logging tool that is widely used in applications the world over. This vulnerability allows an adversary who can control log messages to execute arbitrary code loaded from threat actor-controlled servers.

Although we are currently seeing widespread mass exploitation, Curated Intel analysts anticipate that state actors and ransomware will use Log4Shell in the long term. This is because a multitude of Internet of Things (IoT) and operational technology (OT) products, like industrial control systems (ICS) and supervisory control and data acquisition (SCADA), all rely on Log4j and are likely to remain unpatched for quite some time. The UK NCSC highlights that Log4j, rather than being a single piece of software, is a software component that’s used by millions of computers worldwide running online services, adding that this “makes Log4Shell potentially the most severe computer vulnerability in years.” (12)

Curated Intel on the Case

Curated Intel is a private trust group of cyber threat intelligence (CTI) and digital forensics and incident response (DFIR) professionals, who share insights and monitor the threat landscape together. Our members come from diverse and varied backgrounds, and having a space to verify information with a 3rd, 4th, or 5th pair of eyes is very useful. This is especially true when a crisis like Log4Shell emerges, where rumors are plentiful and facts are scant.

Curated Intel members first identified the critical vulnerability in Log4j on 9 December and began investigating. After initially being skeptical of the hysterical tweets, we began to see more reports of active exploitation of a 0day in Minecraft. Further research uncovered additional software and platforms that use Log4j, and we quickly realized the broad impact Log4Shell will have on the Internet as a whole.

As a community we wanted to raise awareness and alert other members of the issue. Curated Intel is not a large group, but we fortunately have a global membership of helpful and diligent analysts. Curated Intel is just
