As you may have seen on the news, on December 9th, 2021, a zero-day exploit was observed targeting Log4j, a ubiquitous open-source logging tool. In short, Log4J is a logging tool for programs to track any errors that may occur within an application. The bug (known as Log4Shell) has affected thousands of various systems across the world including vendors such as Cisco, VMware, Twitter, Amazon, Google Cloud, IBM, and Microsoft. Though the vulnerability was announced recently, experts believe that hackers have been exploiting it since the beginning of the month, with the announcement inadvertently resulting in a surge of attacks. The Cybersecurity & Infrastructure Security Agency estimates that hundreds of millions of devices are likely affected, with some officials stating that this is one of the most serious threats they’ve seen in their career.
The discovered vulnerability, which has existed for approximately 8 years, allows a hacker to remotely take over a computer using this software, and in some cases, it is as easy as posting a certain message in a chat box, as was the case with Minecraft. Now, hundreds of attempts to exploit it are being launched every minute, as hackers attempt to gain money and sensitive data through cryptomining malware and installing Cobalt Strike. The ubiquitous nature of Log4j makes the bug much more dangerous and likely longer-lasting than other software vulnerabilities because many organizations may not even be aware that the system is part of their network.
So, what does this mean for you? The good news is that most of the affected applications are cloud-based applications, which makes it easier for companies and developers to update the component without having to touch millions of end-users’ devices. Software vendors will be applying these patches as soon as they become available. Additionally, look out for notifications from trusted sources that inform and allow you to update potentially vulnerable systems, as these updates should include a patch.
Should you have any questions about this vulnerability, please feel free to reach out to us at sales@perusity.com.