The Log4j vulnerability explained
On December 10th, warnings of the zero-day vulnerability found in the Java logging library, Apache Log4j 2.x, began to emerge. Today, we know that it is currently being exploited by attackers to exfiltrate data or execute arbitrary code.
Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications for logging security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.
What is the scale of the Log4j exploit?
According to TechSpot, over 840,000 cyberattacks were recorded using the exploit within 72 hours of the initial discovery. Breaches grew exponentially over the first few days; as much as 400,000 in the first 36 hours. Cybersecurity & Infrastructure Security Agency (CISA) Director, Jenn Easterly, stated that the vulnerability will be widespread, and CISA stated that hundreds of millions of devices are likely affected and could be exploited by a broad range of threat actors.
Log4j vulnerability timeline
The Log4j story is continuously evolving and organizations need to stay aware of the latest developments. Here are some key events:
December 10, 2021: Apache released Log4j 2.15.0 for Java 8 to address a remote code execution (RCE) vulnerability – CVE-2021-44228.
December 13, 2021: Apache released Log4j 2.12.2 for Java 7 and Log4j 2.16.0 for Java 8 to address an RCE vulnerability – CVE-2021-45046.
December 15, 2021: Log4j 1.x is vulnerable to an attack, although at lower risk, when logging is configured with JMSAppender are impacted – CVE-2021-4104. Recommendation is to upgrade to Log4j 2.x.
December 17, 2021: Apache released Log4j 2.17.0 for Java 8 users to address a denial-of-service (DOS) vulnerability – CVE-2021-45105.
Software developers should review the Apache Log4j Security Vulnerabilities page for additional mitigation and fixes. IT Professionals can also consult CISA guidance on Apache Log4j vulnerability and a software vendor inventory with status information.
RDS Consulting can help with your Log4j response process
Our consultants provide advice, guidance and assistance to organizations, from small and medium sized businesses to large enterprise organizations, including public sector and government. To help organizations with their Log4j response, RDS Consulting recommends a process following a standard incident response (IR) methodology, and suggests organizations carry out critical activities such as vulnerability scanning, penetration testing and threat hunting.
Log4j Response Process
Call on RDS Consulting to support your Log4j response
To discuss further how RDS Consulting can help with your Log4j response process and support your efforts with our security services, request a call with our Experts today.