As of Tuesday, December 9th, more than 100 hacking attempts were occurring per minute to Log4j, commonly referred to the Apache Log4j 2 Vulnerability or CVE-2021-44228.
Log4j is one of the most popular logging libraries used online with companies like Apple, IBM, Oracle and Amazon as users.
Organisations like Cisco, IBM and VMware are reporting susceptibility to date. Even the Mars Helicopter was reported as threatened by Log4j bug!
Hundred of million devices have access the service as it appears in popular apps and websites.
What is Log4j?
Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks.
Log4j gives software developers a way to build a record of activity to be used for a variety of purposes, such as troubleshooting, auditing and data tracking. Because it is both open-source and free, the library essentially touches every part of the internet.
It is widely used!
What is Log4j bug or CVE-2021-44228 vulnerability?
CVE-2021-44228 is a remote code execution vulnerability that is affecting multiple versions of the Apache Log4j 2 library. This vulnerability is being actively exploited. Last week, Minecraft published a blog post announcing a vulnerability was discovered in a version of its game — and quickly issued a fix.
Hackers can gain easy access to a company’s computer server, giving them entry into other parts of a network. It’s also very hard to find the vulnerability or see if a system has already been compromised
Even when remote code execution exploitation is not possible it is often possible to extract sensitive information from environment variables via a DNS request.
A huge variety of systems are affected and unfortunately an affected products list is evolving.
An attacker using a Log4j exploit can remotely execute code that, once deployed, can grant the attacker full server control, making the flaw a critical and widespread cybersecurity threat. Proof-of-concept Log4j exploit examples are currently available, and attackers are actively targeting vulnerable systems.
The Welltel team has been closely monitoring public attack vectors and has the tools for a comprehensive detection to assist all clients – across all scans and profiles.
Current features include:
- Detection via HTTP servers and intermediaries by injecting into parameters, paths and headers.
- Payload obfuscation to evade some flawed filters deployed via Web Application Firewalls and Cloud Security solutions.
- Multiple protocol handler support; dns, rmi and ldap by default.
- Detection via Web Application Scanning and Infrastructure scanning.
How to protect your company against CVE-2021-44228 threat?
Log4J is included in many enterprise apps, websites and products and the threat is evolving as some patches have been insufficient to date. You may be affected even if you do not believe you run Java. Read here to learn more.
Diagnosis and ongoing review is key! Make sure to update devices, software and apps when prompted over the coming days, weeks with the right cybersecurity software.
Welltel security experts are here to help any queries including the diagnostic tools that can test your vulnerability across the company and help you secure your company.
Learn more about our expertise in Vunerability and Patch Management here
Request a demo today!