Log4J Attack – How It’s Disrupting Network Security
By Nick Anderson 5 minutes
A recently discovered vulnerability sent the IT world into a frenzy as they rushed to fix a critical flaw that hackers can and have exploited. It is dubbed the biggest vulnerability of the decade, citing security experts worldwide who sounded the alarm over its potential for destruction. Vulnerabilities in software are nothing new, so what makes the Log4J attack so different?
What is Log4J?
Log4J is a software tool used for logging activities in an application. Logging is used as a monitoring method to determine the cause behind a potential disruption in service. It can give insight into where things went wrong.
Because of its open-source nature, it has been adopted by countless digital systems worldwide. Technology giants such as Microsoft, Amazon, Google are just some of the names who rely on this utility. To say that the use of Log4J is common would be an understatement. According to estimates by security experts, it is used by nearly every other company that provides cloud service in one form or the other.
It is being referred to as “Log4Shell” or “CVE-2021-44228” in the cybersecurity world as experts around the world still struggle to detect what systems use log4J and how to patch log4J vulnerability for good.
Log4J is built on Java and developed and maintained by Apache. When Java is proudly claimed to be present on over a billion devices, it gives you some perspective on the gravity of the situation and just how many devices on the planet are affected.
How Does Log4J Attack Works?
The discovered log4J vulnerability can be exploited for remote code execution. It has been reported that hackers need only use the vulnerability to download the malicious code after it gets logged. One of the workings of log4j is to look for JNDI (Java Naming and Directory Interface) commands and return the requested information from an LDAP server. Attackers are using this vulnerability to insert commands and point them to an address from where to fetch that information. This allows attackers to load remote code onto the server.
It was seen in the popular video game Minecraft where attackers used the chat feature to execute the malicious code on its servers.
Log4J was developed and maintained by Apache Software Foundation, who was the first to receive the warning about the vulnerability on November 24 by the cloud security team at Alibaba. It was made public on December 9.
Since then, two other vulnerabilities have been discovered, known as CVE-2021-45046 and CVE-2021-45105.
Have There Been Reported Log4J Attacks?
The fact about zero-day exploits such as log4J is that you cannot predict if they weren’t used by attackers before. Zero-day refers to the time developers have to fix a critical vulnerability. Once a zero-day vulnerability is made public, hackers rush to exploit the vulnerability for malicious purposes.
Hence, the vulnerability was first reported to Apache privately before it was made public.
Since then, Apache has rolled out multiple patches, but they have introduced more vulnerabilities. Hackers are actively looking for vulnerable systems to exploit. Because not every enterprise pays due attention to cybersecurity and updating its systems accordingly. Patching every vulnerable system in the world will take a long time.
Security researchers have detected several IP addresses scanning the internet for vulnerable systems. Checkpoint detected that an Iranian hacking group – notoriously known as “Charming Kitten” – has attempted to exploit the vulnerability against 7 Israeli government and business sector targets. Likewise, Microsoft detected hacking groups from China, Iran, North Korea, and Turkey.
Cyptominers are largely one of the first malicious programs being targeted for vulnerable systems. We have seen a rise in cryptojacking as cryptocurrency continues to soar in popularity and value. Cryptomining software hijacks a computer’s resources to mine cryptocurrency and makes the attacker richer.
Ransomware is another type of malware that threat actors are increasingly using to target vital organizations such as hospitals and government institutions. As noted by Microsoft’s report, attempts have been made by an Iranian hacking group known as PHOSPHORUS to exploit the CVE-2021-44228 vulnerability to deploy ransomware.
The widespread impact of lo4j has also drawn attention from the U.S government. The Cybersecurity and Infrastructure Security Agency (CISA) and its counterparts in other countries issued an advisory on how to mitigate log4j threat. The agency issued a deadline of December 23 for government agencies to determine if they are affected by the vulnerability and patch or mitigate it using CISA’s guidelines.
Is FastestVPN Vulnerable to Log4J Attack?
We can confirm that FastestVPN is not vulnerable to the Log4J attack. However, we remain vigilant against all kinds of cybersecurity threats.
How Can You Prevent Log4Shell Attack?
Patching the log4J vulnerability will not be an equal task for everyone. Some services and organizations will have to thoroughly analyze their systems and the underlying code to see how deep-rooted the problem is before they can patch it.
As a user, you must update to the latest version of the operating system and update all applications. If you use the Java version of Minecraft, download the latest update that patches the vulnerability. It is another reminder of why you should always keep your software updated to the latest version. New threats are always emerging, and while not all vulnerabilities are patched immediately, keeping automatic updates turned on pushes the latest software versions to you as soon as they are available.
Software is not bullet-proof; vulnerabilities often exist that can be exploited. As a user, you cannot predict which software will be attacked next, but following the best security practices to prevent or mitigate cyber threats is what you can do. Look out for phishing emails, turn on two-factor authentication (2FA), keeping operating systems and applications updated are some of the best security practices you can follow.