THE LOG4J VULNERABILITY
A security breach that is freaking out the internet

Security experts have described the Log4j vulnerability as one of the most serious ever. Earlier this month, information security experts learned about a zero-day vulnerability in Apache Log4j, a widely used Java logging library that could be exploited to remotely execute code.

Share on facebook
Share on twitter
Share on linkedin

What do the experts say?

Defence officials have issued a serious warning, directing federal agencies to eliminate the bug as soon as possible, as it is so easy to exploit. Because of this they have issued a recommendation to install firewalls if necessary. There is usually only a small amount of affected software, and it is often undocumented. As the top official for cybersecurity defence in the United States, Jen Easterly, told state and local officials as well as private sector partners in a phone call on Monday, that the flaw was one of the most serious she’d encountered in her career. It is very easy to access without a password, as a result it is catnip for cybercrime and digital spies.

 

What is Log4j?

Security experts say Log4j is among the most popular logging libraries on the web. Developers can use Log4j to create records of activity for a variety of uses, including troubleshooting, auditing, data analysis, and tracking. Therefore as a free and open-source library, it affects every aspect of the internet. According to the Chief Research Officer at a cybersecurity organisation, “Despite not directly using Log4j, you may still be running infected code via an open source library relying on Log4j.” Furthermore, several companies run the software, including Apple, IBM, Oracle, Cisco, Google, and Amazon. These vulnerabilities could be found in popular apps and websites around the world, exposing hundreds of millions of devices that access these services.

Where is Log4j used?

Log4j is used as a part of Apache frameworks such as Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and Apache Swift. The Log4j 2 library is used in enterprise Java software and according to the UK’s NCSC it is included in Log4j 2.

What is the Log4j vulnerability?

Log4j was found to have a vulnerability last week and is widely used by apps and services. An attacker can hack systems, steal data, collect passwords, and infect networks with malicious software if left unattended. The vulnerability is exploitable with very little expertise due to Log4j’s widespread use across software applications and online services. Consequently, Log4shell is one of the most severe computer vulnerabilities seen in years.

Business impact when the vulnerability Is exploited

Cisco and Cloudflare researchers have found that hackers have been exploiting this vulnerability since the beginning of the month. Therefore due to the nature of the vulnerability the range of impacts is quite broad. To keep track of what happens within an application, developers use logging frameworks.

Some of the major tech players have already discovered that they face security risks. This includes Amazon Web Services, Microsoft, Cisco, Google Cloud, and IBM. They have issued fixes immediately and are advising customers about how to proceed.

It is still too early to determine the extent of the exposure. It will take a longer time for less conscientious organisations or smaller developers to combat the Log4Shell threat. A log is almost always required by software (for development, operations, and security purposes), and Log4j is one of the most popular components used for logging.

You probably use Log4j in some way every day, whether it’s with your phone, computer, or tablet. If you want to protect yourself and your organisation, you should always keep your mobile devices and apps as current as possible and update them regularly, especially over the next few weeks.

Log4j may not be immediately apparent to organisations what web servers, web applications, network devices, and other hardware and software they use. As a result, each organisation must heed our advice and that of your software vendors, and take the necessary mitigation steps.

The security vulnerability impact on the internet

The game’s developer announced a vulnerability in a blog post last week and released a fix for the issue. Moreover similar action was taken by other companies. Cloudflare, IBM, Oracle, Amazon Web Services, and AWS have issued advisories to customers outlining possible security updates or patches.

“In comparison with traditional major vulnerabilities, this is a serious problem, but patching it is not as easy as hitting a button. It will require a lot of work and time,” Kennedy said.

In an effort to increase transparency and cut down on misinformation, CISA plans to establish a public website listing the software products affected by the vulnerability and how hackers exploited them.

How to remain safe from this vulnerability?

Organisations affected by the Log4Shell issue should upgrade to Log4j version 2.16.0, released by Apache on December 13. To mitigate the bug, the company rolled out version 2.15.0, however, that version included an unpatched vulnerability that could lead to denial of service attacks. Apache recommends upgrading to Log4j 2.12.2 if you’re still using Java 7.

Piazza explained that “Simply updating Java is not enough to address the bug. In our early analysis, we believed updating Java would reduce the severity of the vulnerability, which is simply false. Additionally, it is important to check with software vendors to see if they make use of log4j, and if so, whether they have already released patches.”

To combat the vulnerability, third parties have also released patches and tools. Among the companies that have released patches are Cisco, Oracle, and VMware. Organisations can run WhiteSource Log4j Detect to identify and resolve Log4j vulnerabilities using a free developer tool from the open source security provider WhiteSource.

It’s safest to assume a breach when an organisation is using Log4j or a program that uses the library, Piazza said. A company should contact an incident response firm if they believe they have already been breached, and they should remove all physical access to the database server.”

Conclusion

One security company claims that over 40 percent of corporate networks have been targeted by hackers. According to security experts, there have been hundreds of thousands of attempts to find vulnerable devices. Keeping that in mind, managers of organisations and tech firms should take proper measurements to mitigate this Apache vulnerability. If ignored it may harm the integrity, confidentiality, and financial matters of the particular company.

Explore the site

More from the blog

Latest News