Log4j is an example of a fix that spiraled into a major problem. When the Apache Software Foundation released Log4j 2.15.0 to correct a remote code execution vulnerability (CVE-2021-44228, aka Log4Shell), it launched into territory it never expected. Log4j is one of the more popular Java logging libraries and is included in a number of Apache enterprise software packages. The foundation released two additional updates, and the flaw tracked as CVE-2021-45105 allowed bad actors to mount DDOS (denial of service) attacks.
To get an idea of how Log4j works: when a user clicks or types in a bad link, they typically get a “404 error” message. The server for the domain informs the user that there is no such webpage and then records the event in the server’s logs, using Log4j, for administrators to review. Log4j is also used in a variety of software applications to log specific activity, such as commands typed in and memory in use. In other words, it is an “under the hood” fundamental piece of software that monitors a great many actions and conditions, and it is everywhere.
How Will You Be Affected?
Once hackers found out about this vulnerability, they began seeking out servers that have it and setting up servers that can send DDOS attacks. While larger companies have the wherewithal to incorporate patches to fight the attacks off, not everyone has been fast enough or has the ability to block them. Hackers have used botnets as well as ransomware to gain access to these servers, and many of the hackers have been traced back to North Korea and China. On any server that is breached, the hackers can gain access to personal information. The problem is that each time a fix or patch is created, bad actors figure out ways around it.
What is Being Done?
Agencies around the globe are adding patches in an attempt to circumvent hackers; however, the volunteers that maintain Log4j have reported an “infinite recursion bug” that affects versions up to 2.16. Apparently the bug will crash the application if a specific string pattern is substituted. While the bug is listed as less critical because it can only be used for DOS attacks, another RCE bug that the 2.16 patch addresses can have larger impacts, as it depends on third parties and vendors that will probably not have added patches fast enough. Since Log4j is bundled with other software, it has become almost impossible to track down all of the locations. Even if/when Log4j is found, threat actors are creating other variants, and it is expected that it may take months to trace everything.
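To make the “infinite recursion bug” concrete, here is an added example (not Log4j code and not from the page's author) that models in Python how a lookup-substitution engine can be driven into unbounded recursion when a context value refers back to itself, and two defensive alternatives: a hard depth limit, and not re-evaluating lookups inside substituted values at all. The `${ctx:name}` syntax, the context map, the depth limit of 10 and the sample values are all constructed for the illustration.

```python
import re

# Constructed lookup syntax: ${ctx:name} pulls "name" out of a per-request context map.
LOOKUP = re.compile(r"\$\{ctx:([A-Za-z0-9_]+)\}")

# Constructed limit; the exact policy a real library uses is not taken from the page.
MAX_DEPTH = 10


class LookupRecursionError(Exception):
    """Raised by the bounded substitutor when a lookup chain is too deep."""


def substitute_naive(text, ctx):
    """Vulnerable model: every substituted value is itself re-expanded with no bound.

    A value that refers to itself (directly or via another key) never terminates and
    ends in a RecursionError, i.e. a crash driven purely by data.
    """
    def repl(match):
        key = match.group(1)
        if key not in ctx:
            return match.group(0)          # unknown key: leave the literal text alone
        return substitute_naive(ctx[key], ctx)  # re-expand the inserted value (unbounded)
    return LOOKUP.sub(repl, text)


def substitute_bounded(text, ctx, depth=0):
    """Hardened model 1: same behaviour, but refuse to nest deeper than MAX_DEPTH."""
    if depth > MAX_DEPTH:
        raise LookupRecursionError(f"lookup nesting exceeded {MAX_DEPTH}")

    def repl(match):
        key = match.group(1)
        if key not in ctx:
            return match.group(0)
        return substitute_bounded(ctx[key], ctx, depth + 1)
    return LOOKUP.sub(repl, text)


def substitute_once(text, ctx):
    """Hardened model 2: context values are inserted as plain text, never re-evaluated.

    Untrusted data (the context map is usually filled from request attributes) cannot
    trigger any further lookups, so self-reference is harmless.
    """
    return LOOKUP.sub(lambda m: ctx.get(m.group(1), m.group(0)), text)


def classify(substitutor, text, ctx):
    """Run a substitutor and report the outcome as a short string (handy for testing)."""
    try:
        return "ok:" + substitutor(text, ctx)
    except RecursionError:
        return "unbounded-recursion"
    except LookupRecursionError:
        return "limit-exceeded"


# Constructed context map: a benign chain, a self-reference, and a two-key cycle.
SAMPLE_CTX = {
    "user": "alice",
    "greeting": "hello ${ctx:user}",
    "loop": "${ctx:loop}",
    "a": "${ctx:b}",
    "b": "${ctx:a}",
}

if __name__ == "__main__":
    for label, fn in (("naive", substitute_naive),
                      ("bounded", substitute_bounded),
                      ("once", substitute_once)):
        for pattern in ("Hi ${ctx:greeting}", "${ctx:loop}", "${ctx:a}"):
            print(f"{label:8} {pattern:22} -> {classify(fn, pattern, SAMPLE_CTX)}")
```

The naive model resolves the benign chain correctly but crashes on the self-referential and cyclic values, which is the shape of a data-driven denial of service. The bounded model turns that crash into a controlled error, and the once-only model removes the problem entirely at the cost of not supporting nested lookups in context values; for data that arrives from clients, the latter is the safer default.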
“Most cybersecurity experts expect that some form of Log4j will be around for a long time. It’s important to work with professional companies such as DaVinci CyberSecurity to ensure that all of your network and software is kept up-to-date. Ransomware continues to be one of the most harmful attacks around the globe and we can assist to help to ensure that your organization is kept safe.”
Sharon Knowles, CEO DaVinci Cybersecurity
Source:
theconversation.com/amp/what-is-log4j-a-cybersecurity-expert-explains-the-latest-internet-vulnerability-how-bad-it-is-and-whats-at-stake-173896
secureworks.com/blog/log4j-vulnerability-faqs
theregister.com/2021/12/17/cisa_issues_emergency_directive_to/