13 Dec 2021
Apache Log4j Zero-Day Vulnerability Discovered
Do you know what a logging library is? What you don’t know could hurt your organization—severely. On Thursday, December 9, a critical zero-day vulnerability affecting many versions of Apache’s Log4j 2 Java logging library was publicly announced. Since then, hackers have been busily scanning the internet for instances of Log4j vulnerable to the flaw, called CVE-2021-44228 and nicknamed “Log4Shell.” On the Common Vulnerability Scoring System (CVSS), an industry standard for assessing the seriousness of a cybersecurity vulnerability, this one has scored a 10.0—the highest possible severity rating.
What does CVE-2021-44228 do? It allows attackers to perform remote code execution. In short, they can run code of their choosing on the affected system or device and access the information on it. That means a hacker using this against vulnerable software in your environment could steal data, install malware, lock down your files with ransomware—whatever they want.
What Is Log4j?
Log4j is an open-source library that software uses to log its activity. Almost all software keeps records of important events and errors—rather than reinventing this function every time, software developers tend to use a solution that’s already readily available, like Log4j. In fact, Log4j is one of the most commonly used logging packages in the world.
Why Log4j Is a Huge Problem
You may be wondering why a bug in software you’ve never heard of is creating such a panic. That’s because it’s used in many major cloud services, applications, and PC games, including Apple iCloud, Cloudflare, and Minecraft. In fact, Java is one of the top programming languages used by businesses, and Log4j is used by a large percentage of Java programs developed for businesses in the last decade. The chances that something on your system, somewhere, uses Log4j are high.
Cybersecurity experts are warning that they’ve already seen evidence of this vulnerability being exploited, as well as a surge in attacks trying to take advantage of the flaw. It’s also scarily easy for hackers to use—in Minecraft, for example, hackers could type malicious strings into the chat box, because each chat message was written to a log entry. Now IT teams are scrambling to figure out exactly where this ubiquitous piece of software is creating holes in widely used applications before malicious actors do.
Fast Action Is Critical
Log4Shell affects every version of Log4j between versions 2.0 and 2.14.1. Apache has patched the vulnerability in version 2.15.0, so the race is on to get Log4j updated faster than hackers can sneak into the systems. The problem is that this isn’t like updating to the latest version of Microsoft Office—you may not even know where in your system this code is embedded. In the meantime, an unpatched version is like leaving the welcome mat out for cybercriminals.
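Finding where Log4j is embedded is the practical problem this section describes, so here is an added example (not code from the original post or from Petronella) that walks a directory tree, opens every .jar/.war/.ear, descends into archives nested inside them, and reports each log4j-core it finds together with whether its version falls in the affected range the post gives (2.0 through 2.14.1, fixed in 2.15.0). The version is read from the Maven pom.properties file that official log4j-core builds carry; as a second signal, the scanner also reports whether the JndiLookup class is present in the archive. The sample .war and .jar it scans are constructed inside the script itself, so it runs offline.

```python
import io
import os
import re
import sys
import tempfile
import zipfile
from typing import Iterator, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected range as stated in the post: 2.0 through 2.14.1; 2.15.0 carries the fix.
AFFECTED_MIN: Version = (2, 0, 0)
FIRST_FIXED: Version = (2, 15, 0)

# Maven metadata shipped inside official log4j-core jars.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# The lookup class that handles JNDI lookups in log4j-core 2.x.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def parse_version(text: str) -> Version:
    """Turn '2.14.1' (or '2.15.0-rc1') into a comparable (major, minor, patch) tuple."""
    nums: List[int] = []
    for part in text.strip().split(".")[:3]:
        match = re.match(r"\d+", part)
        if not match:
            break
        nums.append(int(match.group()))
    while len(nums) < 3:
        nums.append(0)
    return (nums[0], nums[1], nums[2])


def is_affected(version: Version) -> bool:
    """True when the version lies inside the range the post reports as vulnerable."""
    return AFFECTED_MIN <= version < FIRST_FIXED


def _version_from_props(data: bytes) -> Optional[Version]:
    for line in data.decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return parse_version(line.split("=", 1)[1])
    return None


def inspect_archive(blob: bytes, name: str) -> Iterator[dict]:
    """Yield one finding per log4j-core in this archive or any archive nested inside it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return  # not a zip container; nothing to inspect
    with zf:
        members = set(zf.namelist())
        version = _version_from_props(zf.read(POM_PROPS)) if POM_PROPS in members else None
        has_jndi = JNDI_CLASS in members
        if version is not None or has_jndi:
            yield {
                "archive": name,
                "version": version,
                "jndi_lookup_present": has_jndi,
                "affected": version is not None and is_affected(version),
            }
        # Recurse into bundled jars (e.g. WEB-INF/lib/*.jar inside a .war).
        for member in members:
            if member.lower().endswith(ARCHIVE_EXT):
                yield from inspect_archive(zf.read(member), f"{name}!{member}")


def scan_tree(root: str) -> List[dict]:
    """Scan every archive below root and return the collected findings."""
    findings: List[dict] = []
    for dirpath, _, files in os.walk(root):
        for filename in files:
            if filename.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, filename)
                with open(path, "rb") as fh:
                    findings.extend(inspect_archive(fh.read(), path))
    return findings


def build_sample_log4j_core(version: str) -> bytes:
    """Constructed stand-in for a log4j-core jar: only the two members the scanner reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        zf.writestr(JNDI_CLASS, b"")  # empty placeholder, not real bytecode
    return buf.getvalue()


def build_sample_war(inner_jar: bytes, jar_name: str) -> bytes:
    """Constructed .war that bundles the given jar under WEB-INF/lib."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"WEB-INF/lib/{jar_name}", inner_jar)
    return buf.getvalue()


def demo() -> List[dict]:
    """Scan a constructed tree: one affected copy hidden in a .war, one fixed copy beside it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "app.war"), "wb") as fh:
            fh.write(build_sample_war(build_sample_log4j_core("2.14.1"), "log4j-core-2.14.1.jar"))
        with open(os.path.join(root, "log4j-core-2.15.0.jar"), "wb") as fh:
            fh.write(build_sample_log4j_core("2.15.0"))
        return sorted(scan_tree(root), key=lambda f: f["archive"])


if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for finding in results:
        print(finding)
```

Run it with a directory argument to scan a real tree, or with no arguments to scan the constructed sample. Two caveats a practitioner should keep in mind: shaded or relocated copies of log4j-core may drop the pom.properties file, which is why the presence of the JndiLookup class is reported separately, and a scan of the filesystem says nothing about jars loaded only at run time from a remote repository or a container image not mounted on the host.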
At Petronella, our SOC team immediately began working with other teams around the globe to gather telemetry on active exploits of Log4Shell and had early detections in place on Friday, December 10. On Saturday, December 11, high-confidence indicators were being investigated that allowed our XDR platform to detect and block exploit attempts. We now have Indicators of Compromise, Tactics, Techniques and Procedures detections, and Threat Intelligence that let us detect and block attempts to exploit the vulnerability and gain command and control, and that let us detect exfiltration attempts from compromised machines. Our SOC team is continuing to work with other teams worldwide to add more detections and mitigations as we learn more.
You can’t fix a problem if you don’t know where to find it. That’s where Petronella Technology Group (PTG) comes in. We have the cybersecurity expertise to take a deep dive into your system and root out vulnerabilities before hackers can exploit them. Don’t take the risk of your business being the next casualty of Log4Shell. Contact PTG today to find out how your company can leverage our advanced AI technology to detect and stop zero-day attacks like this.