Our Log4j blog has been the highest-ranked blog for AAIC. That is no surprise: this is the worst vulnerability in the last 10 years.
You have probably heard a lot about the Log4j vulnerability by now!
At present, it is also the most searched technical keyword on Google when it comes to security.
Let me explain the problem in simple words.
It is a vulnerability in Log4j, a logging library for Java.
- November 24, 2021: The Alibaba Cloud Security team first disclosed this vulnerability to Apache.
- December 9, 2021: The vulnerability, formally designated CVE-2021-44228, was revealed on Twitter.
- December 10: The UK NCSC warned UK organizations about Log4j.
- December 11: The CISA director remarked on an “urgent challenge to network defenders”.
- December 14: A second Log4j vulnerability, a denial-of-service issue, was identified and a new patch was released as mitigation.
- December 17: A third Log4j vulnerability was detected and a new fix was released.
- December 20: Attackers exploited Log4j to install Dridex and Meterpreter.
What is Log4j?
Apache Log4j is a Java-based logging library originally written by Ceki Gülcü. It is a project by the Apache Software Foundation and a part of the Apache Logging Services.
How can Log4j affect you?
Read our blog to understand how to mitigate Log4j vulnerabilities.
The Log4j vulnerability affects a component that is widely deployed but not widely known. The bug has been given the name Log4Shell.
More than 13 billion devices around the world run on Java, and Log4Shell affects every device that uses an affected version of Log4j.
Being a high-level object-oriented language, Java is widely used. For example, if you are playing Minecraft, you are using Java; if you are using an Android phone, you are using Java; and if you are using a smart TV, you are using Java.
Not all Log4j versions are vulnerable!
Only devices running Apache Log4j versions from 2.0 to 2.14.1 are vulnerable. According to the NCSC, the affected version, Log4j2, is included in the Struts2, Apache Solr, Druid, Swift, and Flink frameworks.
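To check hosts against the version range above, the following sketch (an added example, not code from this blog or from Apache) inspects JAR/WAR/EAR archives, including archives nested inside them, and reports each bundled log4j-core copy, its version, and whether the JndiLookup class is still present. The function names and the sample archive are constructed for illustration; the 2.0 to 2.14.1 range is the one stated in this article.

```python
import io, pathlib, re, zipfile

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear")
LOW, HIGH = (2, 0, 0), (2, 14, 1)  # affected range as stated in this article

def inspect_archive(data, label, findings):
    """Append a record for every log4j-core copy in an archive (bytes), nested ones too."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive: skip it
    with zf:
        names = zf.namelist()
        if POM in names or JNDI in names:
            props = zf.read(POM).decode("utf-8", "replace") if POM in names else ""
            m = re.search(r"^version=((\d+)\.(\d+)(?:\.(\d+))?\S*)", props, re.M)
            ver = tuple(int(g or 0) for g in m.groups()[1:]) if m else None
            findings.append({"path": label, "version": m.group(1) if m else None,
                             "in_affected_range": ver is not None and LOW <= ver <= HIGH,
                             "jndi_lookup_present": JNDI in names})
        for n in names:  # fat JARs and WARs carry their libraries as nested archives
            if n.lower().endswith(ARCHIVES):
                inspect_archive(zf.read(n), f"{label}!/{n}", findings)
    return findings

def scan_tree(root):
    """Inspect every JAR/WAR/EAR below a directory."""
    found = []
    for p in sorted(pathlib.Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in ARCHIVES:
            inspect_archive(p.read_bytes(), str(p), found)
    return found

def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (used for constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: a WAR bundling one log4j-core JAR (metadata only, no real classes)
SAMPLE_WAR = make_zip({"WEB-INF/lib/log4j-core-2.14.1.jar":
                       make_zip({POM: b"version=2.14.1\n", JNDI: b""})})

if __name__ == "__main__":
    print(inspect_archive(SAMPLE_WAR, "app.war", []))
```

Point `scan_tree` at an application directory to get one record per bundled copy. A copy whose Maven metadata has been stripped is reported with version `None` and needs manual review.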
Log4j records logging information such as date, time, user name, and more, from sources such as chat rooms and web servers.
Attackers are using this library to achieve remote code execution (RCE): they get it to fetch a value from a remote site.
Generally, they supply a URL that points to a Java class; the code is fetched and loaded into memory. It then runs without being checked for legitimacy and voilà, you are hacked.
As a home user, what can you do?
If you keep your devices updated, hackers can’t do a lot.
Still, this bug can be used to steal user data, which is then sold on the dark web.
Are IoT devices at risk?
Of course! If you have interconnected devices, including a smart TV, security cameras, and phones, that run on Java-enabled Apache web servers, you need to be careful.
Update your software or call your IT security team!
Real things we have done for our customers to mitigate Log4j threats
Two of our prime customers were affected by Log4j vulnerabilities. Thanks to our prompt IT security team, for one of the customers we upgraded the Log4j library version.
On the other hand, our certified team of AWS experts configured AWS Web Application Firewall (WAF) in their cloud environment.
Our prompt and strategic action saved our customer’s business continuity.
As a leading AWS consulting partner, we are happy to share that Amazon OpenSearch Service released a service software update, R20211203-P2. It includes an updated version of Log4j2 for all regions, and we are helping all of our customers update their OpenSearch clusters to this release.
To know more, talk to our AWS security experts.