Log4j vulnerability attack explained in simple terms

If you ask a cybersecurity professional to name the most widespread vulnerabilities in recent years, the answer is probably Log4j.

This critical vulnerability, also known as Log4Shell, has devastated and continues to damage businesses that depend on online transactions. Since Log4j v1 reached EOL in 2015, Log4j v2 has been around for over six years. As all versions except 2.12.2 show vulnerabilities, concerns in the technology and security industry are undoubtedly increasing. In this article, we will discuss why the Log4j vulnerability has become such a major problem with some measures to prevent it.

What is Log4j?

Log4j is a logging utility in the Apache server program maintained by the Apache Software Foundation (ASF). Apache, which is a free and open source software by large, medium and small businesses, uses this utility to configure a wide range of applications required to run an Apache server efficiently. The basic functionality of Log4j is to log data used by developers for debugging purposes.

What is the Log4j vulnerability?

To name the type of vulnerability that Log4j has, it will be RCE. RCE is Remote Code Execution where a hacker executes a malicious code or program remotely on the server to gain unauthorized access to damage the system or steal information about the company. Log4j is represented as a zero-day exploit, and the Common Vulnerability Scoring System CVSS ranked it with the highest severity. This vulnerability, rated 10/10 under CVSS, shows its potential impact on any enterprise organization. This security loophole can also be used to deploy cryptocurrency miners, keyloggers, and remote access Trojan Orcus to any remote server or personal raspberry pi server.

See also  How to repair Gopro videos

Systems affected by Log4j

The Log4j vulnerability affects multiple systems running Apache Log4j versions 2.0 through 2.14.1, except version 2.12.2. It covers all Apache frameworks such as Apache Druid, Apache Struts2, Apache Solr, Apache Flink, etc. The first company to acknowledge the flaw was Minecraft, which was suspicious of the risk of being compromised in the Java version of the game. Technology providers including Amazon Web Services, VMWare, IBM, Cisco, iCloud, Baidu, Fortinet, and Oracle are affected by the ills of this zero-day vulnerability.

What are the threats?

Log4j is a vendor-independent vulnerability that affects both proprietary and open source software, leaving them open to exploitation. Failure to fix problems can damage a company’s reputation and disrupt business operations.

  • You can reveal sensitive data to blackhats, which will only lower customer trust.
  • Incident response and recovery costs are also skyrocketing, resulting in organizational impacts ranging from crippling attacks to potential data theft and temporary loss of service.

According to experts, this affects numerous applications written in the Java programming language.

  • Attackers can gain control over Thread Context Map (MDC) input data. It can happen if the registry configuration uses a non-default pattern layout with a context lookup or thread context map pattern.
  • Therefore, they can craft malicious input data using a JNDI lookup pattern to perform a powerful DDoS attack.

How to avoid being hacked?

Here are some corrective techniques one may consider exploring to secure their systems.

#1: SOPHOS:

  • Install security patches on the system by updating it to the latest version.
  • Use mitigation techniques such as applying better WAF rules and web filtering to block malicious CVE-2021-44228 requests.
See also  Tesla Hacked: 75000 Employees’ Social Security Numbers, Credit Card Numbers Stolen

#2: CiscoTalos:

  • Disable JNDI by default.
  • Limit the default protocols to Java, LDAP, and LDAPS.
  • Set the Log4j2.enableJndi property to “true”.

#3: Apache Log4j:

  • Use Log4j 1 .x, which is not affected by this vulnerability, and run mitigation techniques for Log4j 2 .x.
  • Those using Java 8 or later should update to version 2.16.0.
  • Remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apahe/loggin/log4j/core/lookup/JndiLookup.class.

#4: CIS:

  • Install a web application firewall (WAF) and set rules that update automatically. This way, your security operations team can focus on minor alerts.
  • List all externally facing devices with Log4j installed on them.

summarizing

The Log4j vulnerability is a remote code execution (RCE) vulnerability that allows a malicious hacker to remotely execute code on an enterprise server running Apache via web requests without any authentication. This approach allows them to control all IT (information technology) and OT (operational technology data) with less effort. OT industries can take a step-by-step approach to mitigate security loopholes and address this vulnerability systematically and efficiently.

Subscribe to our latest newsletter

To read our exclusive content, sign up now. $5/month, $50/year

Categories: Technology
Source: vtt.edu.vn

Leave a Comment