The Emerging Cybersecurity Threat of Log4j

Posted on January 7, 2022 How-To Guides

In 2020 the global cybersecurity market reached a value of $183.34 billion, and it is continuing to grow fast. All industries and organizations have moved more and more into the world of computing in recent years. With that, the risk of cyberattacks and the need for good cybersecurity have increased in kind. Very recently a new cybersecurity risk has presented itself, and it may be one of the largest ever. It is a vulnerability in the Log4j logging library, and it affects companies all over the world.

To find out more about what the log4j vulnerability is, and why you need to be aware of it, keep reading.

What Is Log4j?

Log4j is a Java-based logging library designed to run across different platforms: Windows, macOS, and Linux. It is free, open-source software created by a group of volunteers within the Apache Software Foundation.

Log4j works by generating a log/record of activity that is used by other software developers. They can then troubleshoot problems or track data to make improvements in their own software.

Due to its usefulness and the fact that it is free, Log4j has become very widely used all around the world.

It constantly keeps a record of data, and every time it logs something new it adds it to the existing record. These logs are present at all stages, making it easy to identify any problems that come up.

In general, it is present throughout all stages of development, as well as in online games, cloud data centers, and enterprise software.

Why Is This Vulnerability So Significant?

Java has been in use all over the internet since the mid-90s. Countless lines of computer code used today consist of Java containing log4j code.

Even some of the world’s largest cloud storage services are now vulnerable. Companies such as Microsoft, Google, and Amazon use this code and are now exposed.

The thing that makes this vulnerability so significant is the wide use of log4j. Every system that includes it may be vulnerable in the same way. Because of this, any attackers taking advantage of it will have a huge number of opportunities to exploit.

How Does the Exploit Work?

The vulnerability was actually discovered in 2020, but back then it was widely overlooked. More recently, Apache officially disclosed the vulnerability in the Log4j library.

They did this after a researcher from LunaSec was able to identify it in Microsoft’s game Minecraft. People were quick to discover that this vulnerability was not a part of the game itself, but of the Java language it uses.

The log4j vulnerability is, unfortunately, one that is very easy for hackers to exploit. All hackers need to do is get a program to log a line of malicious code that will then execute itself. Hackers can then assume control of the affected servers.

In terms of this Minecraft discovery, it is as simple as typing the code into the public chatbox. Attackers have also used it on Twitter where they would simply change their display names to feature the malicious code.

Due to the log4j configuration, when a hacker uses this vulnerability they can get into every part of whatever system they have attacked.

Most companies use several security measures to act as multiple lines of defense. Unfortunately, this vulnerability can bypass them all, giving the hacker access to everything. 

Devices and Systems at Risk

The list is almost endless. The cloud storage systems mentioned above are just a small number of vulnerable systems. Beyond these, it extends to all software and servers that rely on Java.

Twitter, LinkedIn, Steam, and iCloud are some examples of companies with a huge reach that are now open to attack.

Many devices which connect to the internet such as smart TVs and security systems are at risk. Large software selling companies like IBM and Oracle are also exposed.

This is a zero-day vulnerability as it was previously unknown, and no patch is yet available. Until developers can provide a patch, hackers can use it to cause all kinds of problems.

People can gain access to personal data such as passwords and logins. Networks are also very vulnerable to infection with malicious software. The fact that this exploit is so easy to utilize makes this a lot worse.

How to Protect Your Devices

Any businesses using devices that utilize log4j should identify and update these to the latest version as soon as possible. Microsoft has recommended that customers contact the providers of any software they use to determine whether or not they use the Java programming language.
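One way to carry out the identification step is to inventory Java archives on disk. The following is an added example, not part of the original article: it looks inside `.jar`, `.war` and `.ear` files, including archives nested within them, for the log4j-core Maven metadata and the `JndiLookup` class, and reports the bundled version. The function names are hypothetical and the sample archives, including the `0.0.0-demo` version, are constructed for the demonstration.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

ARCHIVES = (".jar", ".war", ".ear")
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"  # Maven metadata
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # JNDI lookup class

def inspect_archive(data, label, depth=0, max_depth=4):
    """Report log4j-core in one archive and in any archives nested inside it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive, skip it
    found = []
    with zf:
        names = set(zf.namelist())
        if POM in names or JNDI in names:
            props = zf.read(POM).decode("utf-8", "replace") if POM in names else ""
            m = re.search(r"^version=(.+)$", props, re.M)
            found.append({"path": label, "jndi_lookup": JNDI in names,
                          "version": m.group(1).strip() if m else None})
        if depth < max_depth:  # bound recursion into nested (fat) archives
            for name in sorted(n for n in names if n.lower().endswith(ARCHIVES)):
                found += inspect_archive(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    return found

def scan_tree(root):
    """Inspect every Java archive found under a directory."""
    paths = sorted(p for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() in ARCHIVES)
    return [hit for p in paths for hit in inspect_archive(p.read_bytes(), str(p))]

def make_zip(entries):
    """Build an in-memory archive from {name: bytes}; used only for the sample below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Constructed sample: a WAR bundling a stand-in log4j-core jar, plus an unrelated jar."""
    lib = make_zip({POM: b"version=0.0.0-demo\n", JNDI: b""})
    with tempfile.TemporaryDirectory() as root:
        Path(root, "app.war").write_bytes(make_zip({"WEB-INF/lib/log4j-core.jar": lib}))
        Path(root, "other.jar").write_bytes(make_zip({"com/example/Main.class": b""}))
        return scan_tree(root)
```

A hit with `jndi_lookup` set and no version means the class is present without its Maven metadata, as happens when a library has been repackaged into another jar, so the copy still needs to be traced back to its vendor.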

As a general cybersecurity rule, you should install all software and system updates as soon as they become available. Companies don’t always make major announcements, but updates often patch any security issues.

In a case such as this where the exploit is so significant, the importance of updating cannot be overstated. As one of the more well-known vulnerable pieces of software, Minecraft has already released an update and encouraged users to install it as soon as possible.

Beyond this, a Web Application Firewall (WAF) can provide defense from the vulnerability. You may already be using a WAF, but you should ensure you have one that addresses this vulnerability to get the best possible protection. It will recognize and block the specific character strings from upstream devices and stop them from affecting your system.

Alerts can also be set up to detect any probes or attacks on devices using log4j. You should ask your company’s security operations team to routinely hunt for anomalies and act upon any alerts that come up. This is highly recommended by the National Cyber Security Centre (NCSC).

The Advantage of Cloud Storage

Cloud storage is something that can prevent cybersecurity risks, as well as protect against them. It is the perfect way to back up data, so if your system is compromised and data gets corrupted or stolen, having everything backed up can be immeasurably helpful.

This is perfect for protection against attacks such as ransomware in which an attacker will take files and essentially hold them hostage, demanding payment to release them back to you. If your company has a full backup of all files, you’ll be immune to such attacks.

The best cloud storage services, such as NETdepot, maintain several security measures to offer as much protection as possible. NETdepot does this through a 5 step cybersecurity plan:

  1. Identify – Threat analysis & assessment, penetration testing
  2. Protect – Firewall, IPS, IDS, 2FA-Login, Tier 4 Datacenters, 24/7 manned facilities, air-gapped backups
  3. Detect – 24/7 managed detection, dual SOC and NOC, abnormality detection
  4. Respond – 24/7 Dual SOC and NOC response, control data exploitation response in real-time
  5. Recover – Instant restoration of data to DR site or Cloud in the event of data loss or physical disaster

NETdepot works hard to provide security as a service, keeping customers’ data as safe as possible at all times.

Tech Industry Response

As is to be expected, as soon as the vulnerability became widely known, computer programmers and security experts got to work trying to fix the vulnerability in their own software.

Naturally, larger companies have a lot more work to do – Google had more than 500 engineers scouring through huge amounts of code to ensure it was all safe and secure.

This same sort of process has been seen at many other companies as it is realistically the only way to be sure there are no compromises.

Coders have described it as a “nightmare” due to the intensity of the work required.

Government Response

This isn’t a problem the government would ignore. A number of government systems have already been affected by the vulnerability, and that number will grow.

The Cybersecurity and Infrastructure Security Agency (CISA) has stated that it is already working with its partners to get ahead of the threat and prevent attacks on private or public infrastructure.

CISA has ordered federal civilian agencies to fix/patch any vulnerable systems as soon as possible, and they have published a list of potentially impacted products, which is growing as more are discovered.

What Is Next for the Log4j Vulnerability?

Due to how widespread this vulnerability is, it’s safe to say it will be present for quite a while. There is no overall log4j fix across all systems, so companies will be very busy in the coming months working to ensure the security of their own data.

The overall reach and long-lasting effects are yet to be fully seen, so things are likely to change as more research is done.

If you are looking to improve your security you should take on board the information above. Think about where your security is at the moment, and how it can be improved.

NETdepot is dedicated to providing cloud storage solutions with the best security possible, so if you would like to find out more about how NETdepot could help your business, click here and get in touch today.
