A vulnerability in Apache Log4j took the internet by storm a couple of weeks after a member of Alibaba’s cloud security team discovered and reported it. The Log4j vulnerabilities have already impacted more than 35,000 Java packages, with the damage still spreading.
Learning what this vulnerability means for you and protective measures is crucial to safeguard your data.
What is Log4j?
Log4j is an open-source Java logging library developed by the Apache Foundation to help programmers output log statements to various output targets. It is widely used and present in many applications and services as a dependency. However, Log4j is not a reliable tool but rather a fail-stop looping system. It does not guarantee to deliver each log statement to its destination.
Some key features of Log4j are –
- Speed optimized
- Includes name logger hierarchy
- Available beyond a predefined set of facilities
What is the Impact of Apache Log4j Vulnerability?
The Apache Log4j vulnerability can open the systems incorporating the tool open to outside intrusion and remote access. Even though this vulnerability always existed and was discovered first in 2020, it was overlooked and left untreated. The vulnerability allows unauthenticated, remote code execution triggered by a crafted string provided by the attacker through Log4j 2 vulnerable component. It could also be exploited to stage a denial-of-service (DoS) attack.
The Log4j crisis has the potential to cause a severe impact on any organizations running Apache Log4j versions 2.0 to 2.14.1. Many well-known organizations such as Apple’s iCloud, Microsoft’s Minecraft, Twitter, Steam, Tencent, Google, Amazon, CloudFare, NetEase, Webex, and LinkedIn are users of the tool.
However, “highly sophisticated attacks” are yet to be observed by U.S. officials. Most activities so far have been low-level activities such as crypto-mining. Microsoft has reported that hackers from China, Iran, North Korea, and Turkey have attempted to exploit the Log4j flaw within their system.
Pretty much any Java-based enterprise software and server using the Log4j library is vulnerable to this exploit. For example, the sandbox video game Minecraft was affected by this vulnerability which hackers could use to infiltrate devices of any Minecraft player.
How to Protect Yourself from the Apache Log4j Vulnerability
Install latest updates
If you’re using software that includes Log4j, you need to update both internet-facing and non-internet-facing software. On December 17th Apache rolled out version 2.17.0 of Log4j to mitigate the impact of CVE-2021-45105.
You also need to install the updates and security patches on other software using Log4j as soon as the manufacturers and vendors release them. For example, Minecraft has already released an update and advised its users to install it.
Set web application firewall rules
The National Cybersecurity Centre (NCSC) recommends deploying the following measures to improve network monitoring and blocking –
Organisations using Web Application Firewalls (WAFs) should ensure the availability of protective rules against the vulnerability. Organizations should also imply other control
- methods on top of WAF to protect against variants of exploitive strings bypassing WAF rules.
- Other organizations need to ensure that they are blocking unexpected outbound connections from their servers. Until the vulnerability is completely terminated from the system, it is best to block outbound connections without understanding to avert risks of exploitation.
Identify all Log4j instances
To successfully install updates and security patches to all instances of Log4j, you need to identify and find out every place where Log4j is installed. Keep in mind that Java applications can include dependent libraries like Log4j within their installation. You can conduct a file system search for Log4j across your system.
It is undeniable that Log4j has shaken up the entire IT world, and it is not likely to go away anytime soon. Therefore, following necessary protective measures is the best way to mitigate damage from this vulnerability issue. Organisations should be threat hunting for anomalies and take action for alerts to stay safe.
Web security is becoming a rising concern as malware and cyberthreats become more sophisticated with time. This is why it is crucial to take every possible measure to protect personal information on the web. And one private piece of information most exploited on the web is your email address.
Go to Sniff Email to check your email address visibility on the web. Sniff Email is an online platform dedicated to finding out if your email address exists on the internet. Enter your email address in the search field and click fetch to find out if your email address exists on the web within a few seconds. Based on the results, you can take appropriate action to remove it.
Photo by Joan Gamell on Unsplash