Focus On: Log4Shell vulnerability and cyber security risks
16/12/2021
On December 9, one of the most important vulnerabilities of 2021 was publicly reported, called Log4Shell, affecting the popular Log4j library made by Apache and which is affecting digital systems across the web. This flaw constitutes a serious risk to computer security as it allows a hacker to execute malicious code remotely, or to extract data on the server and on the application running on the target.
What is the Log4J library
Specifically, Log4j is a library used in a Java environment that allows you to manage and monitor logging operations in many online services and business applications, in order to understand any errors or malfunctions. It is one of the most used libraries for the purpose of creating logs of the services in use, since it implements an advanced system that is able to contextualize the generated log message, in order to facilitate developers in finding bugs.
Where vulnerability hides
In this scenario, a hacker can exploit an input that is not well validated to inject code into the log message, with the aim of imposing a specific interpretation by the library.
The bug, technically identified by CVE-2021-44228, involves sending a request to a vulnerable server, through simple HTTP calls, in which some data is included to make the target, passing the same to the Log4j library with the vulnerability, go to interpret the code inside the call, thus returning data relating to information that the end user should not normally have access to, such as the enumeration of users present on the server.
These requests are interpreted through the Java toolkit known as JNDI (Java Naming and Directory Interface), of which Log4j makes extensive use, and therefore can be used to launch, remotely, even malicious code execution attacks, using different communication protocols, such as LDAP, COBRA, COS, RMI and DNS.
The number of combinations of how to exploit it can be considerable and gives many alternatives to the hacker to circumvent protections and gain control of the server, with serious consequences for companies and users.
What companies and users risk
The level of severity of this type of vulnerability indicated in the CVE is equal to 10, both for the ease with which it can be exploited, and for the possibility offered to attackers towards the affected companies, which risk data extraction, or abuse. of the computing capabilities of servers for crypto mining activities. Furthermore, more experienced hackers could use it to inject code linked to a ransomware-type attack, with the aim of extorting money from victims.
Consequently, even simple users suffer damage, with the risk of losing control of their personal accounts linked to vulnerable services.
How risks can be mitigated
While users will be able to wait for the release of updates for various online services, companies will need to take action and apply the patches released by the library manufacturer as soon as possible.
Verifying the vulnerability to this exploit, however, can be a lengthy operation due to the large number of software systems used to date and their complexity.
Our cyber security team responded promptly to the problem, evaluating which applications were using log4j and carrying out a search in the system logs with the aim of diagnosing any inefficiencies or weakening of the infrastructure and implementing the necessary corrections.
Relying on consultants who are experienced in IT security and risk management can be useful in assessing the situation in the company.
Request a consultancy