
What is the Log4j Vulnerability?



Over the past few days, news reports have surfaced warning of a new cybersecurity threat that has the potential to affect hundreds of millions of devices globally. The threat, known as the Log4j vulnerability, is in basic terms a remote code execution bug, meaning that it can allow hackers to take control of systems remotely and run malicious code, steal valuable data, or mine cryptocurrency on affected devices, among other illegal activities. The Log4j vulnerability has the potential to affect services ranging from online platforms to game clients and other widely used services.

Some of the better-known entities running Log4j are security firm Cloudflare, Apple's cloud services and the popular video game Minecraft.


The Log4j vulnerability was first reported on November 24th, when individuals working on an open-source software project received an email from Chen Zhaojun, an employee on Alibaba Group Holding Ltd.’s cloud-security team, that stated, “I want to report a security bug,” and added, “the vulnerability has a major impact.”

Zhaojun went on to describe how cybercriminals could take advantage of the flaw, which lets them execute code remotely and so effectively control any system running a vulnerable Log4j.

One immediate example that sprang up in the days following the discovery of the Log4j vulnerability was when the operators of the Kinsing crypto-mining botnet exploited Log4j to deliver Base64-encoded payloads and run shell scripts. The hackers were able to remove competing crypto-mining threats from their targets before downloading their own Kinsing malware.

The Log4j vulnerability affects the Apache Log4j logging library, which manages web server and application logs. Although a patch was issued with the release of Log4j 2.15.0, the thousands of systems still running older, vulnerable versions of the library are in immediate danger of Remote Code Execution (RCE) related attacks.


The issue was addressed this week by Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), on a phone call attended by financial firms and health care executives. 

Easterly told those on the call that, "This vulnerability is one of the most serious that I've seen in my entire career, if not the most serious," and added, "We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents."

Government agencies and the operators of critical American infrastructure are now struggling to work out whether they have systems running Log4j that may have been accessible from the internet. Jay Gazlay, another CISA official who was on the call with Jen Easterly, added that, "We're going to have to make sure we have a sustained effort to understand the risk of this code throughout US critical infrastructure."
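The inventory problem just described starts with finding which systems carry a Log4j build older than the 2.15.0 release the article names as patched. The following script is an added example, not code from the article or the Log4j project: it walks a directory tree, reads the version of every log4j-core jar from its manifest (falling back to the filename) and flags anything below a configurable threshold, using constructed fake jars as sample input.

```python
import os
import re
import tempfile
import zipfile

# Earliest release the article names as patched; raise this to whatever release
# the Log4j project currently recommends before trusting an "ok" result.
FIXED_VERSION = (2, 15, 0)

def parse_version(text):
    """Extract (major, minor, patch) from text such as '2.14.1'; None if absent."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None

def jar_version(path):
    """Prefer the manifest's Implementation-Version; fall back to the filename."""
    try:
        with zipfile.ZipFile(path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = re.search(r"^Implementation-Version:(.*)$", manifest, re.M)
        version = parse_version(m.group(1)) if m else None
    except (zipfile.BadZipFile, KeyError, OSError):
        version = None  # missing file, corrupt jar or no manifest
    return version or parse_version(os.path.basename(path))

def scan(root):
    """Map each log4j-core jar under root to (version, vulnerable); vulnerable is None if unknown."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("log4j-core") and name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                version = jar_version(path)
                findings[path] = (version, None if version is None else version < FIXED_VERSION)
    return findings

def make_sample_tree():
    """Constructed sample input (fake jars in a temp dir), not real artifacts."""
    root = tempfile.mkdtemp()
    samples = {"app/lib/log4j-core-2.14.1.jar": "2.14.1",  # pre-patch release
               "app/lib/log4j-core-2.15.0.jar": "2.15.0",  # patched release
               "other/log4j-core-2.16.0.jar": None}        # no manifest: filename only
    for rel, manifest_version in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with zipfile.ZipFile(path, "w") as jar:
            if manifest_version:
                jar.writestr("META-INF/MANIFEST.MF", f"Implementation-Version: {manifest_version}\n")
    return root
```

Point `scan()` at a real application root instead of `make_sample_tree()` to produce the inventory; a jar with no readable version is reported as unknown rather than silently passed.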


With the continuous onslaught from Chinese, Russian and North Korean hackers, among other for-profit threat actors, the fallout from the Log4j vulnerability may rival 2017’s WannaCry global crisis. But just as with WannaCry, organizations and individuals can protect themselves by applying patches and making sure that all their software is up to date.

Additionally, running a malware remediation tool to scan for any malware that might have been installed through the Log4j vulnerability is highly recommended.

Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. Julio’s writing focuses on cybersecurity and politics. Websites including Newsmax, Townhall, American Thinker and BizPacReview have published Julio’s work.