Since its discovery in November 2021 and its public disclosure in December of the same year, a team tracking the Log4Shell vulnerability has recorded millions of attempts to exploit the flaw in the Log4j 2 Java library. Said to be the ‘most severe vulnerability ever,’ it scored 10.0 on NIST’s CVSS v3 calculator. Although vendors have now provided patches for this vulnerability, security teams are still struggling to apply them in a timely manner.
Log4Shell is a software flaw in Apache Log4j 2, a popular Java logging library. An attacker can exploit this vulnerability (CVE-2021-44228) to gain remote control over an internet-connected system. NIST says an attacker who can control log message parameters ‘can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.’ Apache has wholly removed this functionality from versions 2.16.0, 2.12.2, 2.12.3, and 2.3.1.
On November 24, 2021, security researcher Chen Zhaojun of Alibaba, China's largest e-commerce company, disclosed the vulnerability to the Apache Foundation. Researchers identified attacks against Minecraft servers on December 9. Subsequent forensic examination revealed that attackers had found the weakness earlier and had been exploiting it since at least December 1, 2021.
The Log4j library is used by many enterprises and organizations in various applications and infrastructure, either directly or through third-party software. The Log4j 2 library is also used in a wide range of network-enabled storage and smart home devices in the consumer market. Since the discovery was disclosed to the public, companies have been posting security statements on their websites detailing what they are doing to address the Log4j vulnerability. Developers advised companies to install software updates while investigating whether Log4Shell had affected the organizations that host their sites and the services they use. Customers whose suppliers or vendors were affected should ask what safeguards those suppliers have put in place to protect their data.
Because Log4j 2 interacts with external sources and internal directory services, it can be abused in various ways, including feeding it commands from outside and forcing it to run malicious programs. The details of the vulnerable system determine how attackers can exploit Log4j 2. So far, most malicious activity has consisted of mass scanning to identify susceptible systems. According to Microsoft research, attackers have used the vulnerability to compromise virtualized infrastructure, install and execute ransomware, steal system credentials, assume broad control of affected networks, and exfiltrate data. As more reports about Log4Shell's exploitability emerge, the options for malicious action appear to be multiplying exponentially. Malicious actors can run arbitrary code on the attacked machine, for example to access sensitive configuration data. With this information, attackers might gain complete control of a device, including its data and apps.
Log4Shell is a zero-day vulnerability, since malicious actors most likely discovered and exploited it years before the experts did. The Log4j 2 library's pervasiveness makes the Log4j vulnerability particularly serious. It can be found in major platforms ranging from Amazon Web Services to VMware, and in services of every size. Patching can be a complex and time-consuming operation because of the web of dependencies surrounding vulnerable systems and services. The vulnerability's impact is heightened by the ease with which it can be exploited; even an amateur hacker can pull off the attack.
The Log4j 2 library controls how applications log strings of code and information. By exploiting this vulnerability, an attacker can craft a logged string that tricks the application into requesting and executing code under the attacker's control. As a result, attackers may be able to remotely take control of any internet-connected service that uses specific versions of the Log4j library at any level of the software stack.
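Because the hard part of Log4Shell is finding every copy of log4j-core buried in the dependency web described above, the following inventory scanner is an added example (not Packetlabs code): it walks a directory tree, opens every JAR/WAR/EAR including archives nested inside fat JARs, and reports each one that still contains the JndiLookup class along with the version from its Maven pom.properties, so the result can be checked against the fixed releases listed earlier. The two entry paths are the real layout of log4j-core artifacts; the sample archives built with `build_sample_archive` are constructed for offline demonstration.

```python
# Added example (not Packetlabs code): inventory log4j-core archives that still
# contain JndiLookup, the class behind the JNDI message lookup.
# JNDI_CLASS and POM_PROPS are the real entry paths inside log4j-core artifacts;
# build_sample_archive only constructs sample input for offline demonstration.
import io
import os
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED = (".jar", ".war", ".ear")


def inspect_archive(data: bytes, label: str, findings: list) -> list:
    """Append a finding if the archive holds JndiLookup; recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container; skip silently
    names = set(zf.namelist())
    version = "unknown"
    if POM_PROPS in names:  # Maven writes a "version=" line into pom.properties
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = line.split("=", 1)[1].strip()
    if JNDI_CLASS in names:
        findings.append({"archive": label, "log4j_version": version})
    for name in names:  # fat JARs, WARs and EARs bundle log4j-core as a nested archive
        if name.endswith(NESTED):
            inspect_archive(zf.read(name), f"{label}!{name}", findings)
    return findings


def scan_tree(root: str) -> list:
    """Walk a directory tree and return every archive still shipping JndiLookup."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.endswith(NESTED):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    inspect_archive(fh.read(), path, findings)
    return findings


def build_sample_archive(entries: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()
```

Run `scan_tree("/opt/myapp")` (path is a placeholder) to list every archive that still needs attention; an empty list means no archive under that root contains the lookup class.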
Packetlabs has a long history of helping companies strengthen their cybersecurity defences and keeping their data safe. Contact us today to learn more about how we can help you protect your organization from Log4Shell and other threats.
© 2024 Packetlabs. All rights reserved.