A vulnerability (CVE-2021-44228, also known as Log4Shell or LogJam) in the Java-based logging utility Log4j has caused widespread panic on the internet as security experts rushed to patch the flaw.
Log4j is an open-source logging framework created by Apache systems, used by developers to log activity – usually error messages – within applications. Due to the nature of the exposure, which is cited as an RCE (remote code execution) vulnerability, any devices exposed to the internet while running versions 2.0 to 2.14.1 of Apache Log4j can be attacked with relative ease. Several national cybersecurity agencies have issued warnings about the Apache Log4j vulnerability, and there is clear evidence that hackers are developing targeted strategies to exploit the flaw. For instance, the botnet Mirai, which targets IoT-connected devices, has already created an exploit to target the flaw.
Most people have never heard of Log4j before, but it is the world’s most popular Java logging library and is embedded in a range of applications, services and websites, including Apple, Amazon, Twitter, and Microsoft’s Minecraft game. While the Java programming language is not as ubiquitous as it was in the past, it’s still widely used across all sectors of the internet. Security experts have stressed that any device not properly protected can be compromised by hackers exploiting the Log4j flaw. Apache itself has rated the vulnerability at the severity level of “critical”. The US National Vulnerability Database also gives a base score of 10.0, “critical”. AWS, IBM, Oracle, and others have been actively working on patches to fix the flaw, but individuals are advised to take steps (see below) to ensure their devices are secure.
To exploit the flaw, all hackers need to do is create a simple line of malicious code. That code will soon get logged by Log4j, giving the hackers an entry point into the affected device. After that, the hackers have the means to gain control, and they can execute arbitrary code to take possession of the entire system, including encrypting files (and holding them for ransom). In an effort to illustrate how easy it is to exploit Log4j’s flaw, Wired reported that some Twitter users were changing their names to code strings that could be used to trigger the exploit. Screenshots from the game Minecraft, too, showed players exploiting the flaw from the game’s chat function.
First, it’s important to recognize that the flaw is with Log4j versions 2.14.1 and below. Apache has called on all developers to install the most recent version of the library, Log4j 2.15.0. In addition, it is highly recommended to install security solutions on your devices and servers. The Check Point Infinity platform, powered by Check Point’s Threat Cloud and AI-based prevention, provides protection against the Log4j vulnerability. You can read more on how to stay protected on the Check Point website.
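One way to find where the affected versions named above (2.0 to 2.14.1) are deployed, as an added example that is not part of the original article or any vendor's tooling: the script walks a directory, looks inside JAR/WAR/EAR archives, and flags bundled log4j-core copies in that range. The `log4j-core-<version>.jar` file-name convention, the size and depth limits, and all function names are assumptions of this example.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Range stated in the article: 2.0 through 2.14.1 affected (2.15.0 is the release it says to install).
FIRST_AFFECTED, LAST_AFFECTED = (2, 0, 0), (2, 14, 1)
ARCHIVES = (".jar", ".war", ".ear")
MAX_ENTRY = 200 * 1024 * 1024  # assumption: nested entries larger than this are skipped
# Assumption: Maven-style file names (log4j-core-<version>.jar); renamed or shaded copies are missed.
JAR_NAME = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/\\]*\.jar$", re.I)

def parse_version(name):
    m = JAR_NAME.search(name)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    return FIRST_AFFECTED <= version <= LAST_AFFECTED

def scan_archive(data, label, depth=0):
    """Yield (location, version) for log4j-core jars bundled inside an archive (fat jar, WAR, EAR)."""
    if depth > 4:  # assumption: bound the recursion into nested archives
        return
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(ARCHIVES) or info.file_size > MAX_ENTRY:
                    continue
                inner = f"{label}!/{info.filename}"
                if (version := parse_version(info.filename)):
                    yield inner, version
                yield from scan_archive(zf.read(info), inner, depth + 1)
    except (zipfile.BadZipFile, RuntimeError):
        return  # corrupt or encrypted archive: nothing more to report from it

def scan_tree(root):
    """Return [(location, 'x.y.z', affected)] for every log4j-core jar found under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.lower().endswith(ARCHIVES):
            top = parse_version(path.name)
            hits = ([(str(path), top)] if top else []) + list(scan_archive(path.read_bytes(), str(path)))
            findings += [(loc, ".".join(map(str, v)), is_affected(v)) for loc, v in hits]
    return findings

if __name__ == "__main__":
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("AFFECTED" if bad else "ok", ver, loc)
```

Run it with an application or deployment directory as the only argument; every line marked AFFECTED names a copy that falls in the article's 2.0 to 2.14.1 range.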
ZoneAlarm products are not affected by the vulnerability because they do not use the Log4j utility. The ZoneAlarm cyberthreat team continues to investigate and monitor the situation in what is considered a critical ongoing threat.