The world of cybersecurity has been constantly challenged since the pandemic started. With the dust still settling, a new concern has taken the entire cyber landscape by storm. A flaw in Log4j, a widely used Java-based logging library, allows hackers unbridled access to computer systems.

The vulnerability (CVE-2021-44228) affects everything from the cloud to security devices. Attackers have come up with worms that can spread independently from one vulnerable system to another. Security experts are forecasting that threat actors, currently developing new attack strategies, will begin trying to exploit the Log4j vulnerability within days.

A proof-of-concept exploit has been shared that demonstrates how any system employing Log4j can be a potential target for attacks that can trigger remote code execution, making things even more difficult for security professionals.

About the software bug

By now, every security professional might have heard the terms Log4j or Log4Shell vulnerability. Here are a few things you need to know.

  • Log4j is a widely used open source logging system framework for logging error messages in applications, predominantly in enterprise software applications and other cloud computing services.

  • A severe remote code execution vulnerability was identified recently in Log4j that affects a broad range of services and applications on servers.

  • The vulnerability allows attackers to insert text into log messages or log parameters into server logs that load code from a remote server.

  • Attackers are leveraging the vulnerability and are trying out different forms of attacks and payloads such as malware deployment via the exposed server, etc.

  • Moreover, several automated bots have also started to exploit the vulnerability.

Reasons why organizations need to worry

  1. Ubiquitous impact: Considered as one of the biggest computer vulnerability in decades, the Log4j vulnerability has literally impacted every other system in the world. Any system using the logging utility is susceptible to an attack and threat actors are testing various tactics to exploit vulnerabilities.

  2. Severity: This vulnerability has been deemed critical by security experts. Considering the scope of the breach, the vulnerability’s omnipresence, and the ease of execution, the impact of the vulnerability is severe. Since Log4j exploits LDAP, a protocol that allows anyone to locate data about resources, such as files and devices within a network, attackers can use this to navigate within the internet or an organization’s intranet to obtain sensitive information.

  3. Zero-day status: The patch or fix for the vulnerability has not been released, making it a zero-day vulnerability. With a myriad of systems and services at stake, threat actors are actively exploiting the security risk in the wild.

  4. Lack of visibility: One of the greatest challenge that Log4j vulnerability brings is the difficulty in spotting it. Several products use Log4Shell. Identifying all the applications or services that are vulnerable is a herculean task.

  5. Lack of control: Organizations have minimal control over the current situation. An attacker who knows the correct data format can use the Log4j vulnerability to develop a Java program that implants malware on your server. Updating systems and installing patches is the least an organization can do to reduce exploit opportunities.

What does the future hold?

So far, no major attacks have been reported. However, security experts are expecting things to get worse over the next couple of days. Having said that, attackers have already started developing new techniques to leverage against the vulnerability. Security teams have to be on their toes and be prepared to face unanticipated threats.

ManageEngine ensures all of our products that depend on the Log4j library have been protected against the vulnerability. We encourage customers to update to the latest versions of our products as a precautionary measure.

Raghav Iyer
Sr. Product Marketing Specialist