What is the Log4j Vulnerability?
The Log4j vulnerability, also known as Log4Shell, is a recent attack technique that targets Log4j, a logging library from Apache.
What is the Log4j attack?
Log4j is an open-source logging library used by almost all major Java-based enterprise apps and servers across the industry. A logging library keeps track of all the activity inside an application. The flaw allows an attacker to execute arbitrary code and gain access to a computer system by supplying a crafted string that the library logs.
This attack exploits the Log4j vulnerability to download Trojan malware, which triggers the download of an .exe file, which in turn installs a crypto-miner. Once installed, the crypto-miner uses the victim’s resources to mine cryptocurrency for the attackers’ profit, all without the victim knowing they have been compromised.
The vulnerability, dubbed Log4Shell, was first highlighted by researchers at LunaSec. The issue was discovered in Microsoft-owned Minecraft, though LunaSec warns that “many, many services” are vulnerable to this exploit due to Log4j’s “ubiquitous” presence: this open-source Java library is used in almost all major Java-based enterprise apps and servers across the industry. The vulnerability can allow an attacker to execute arbitrary code and gain access to a computer system and, when exploited correctly, to gain complete control of a server. Software developers across the world commonly use the Log4j library to keep a record of all activity in an application.
The technical definition in the CVE library states that “An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.” The worrisome part is that the exploit has likely already been used to gain access to certain computer systems, and now that it is in the open, companies will have to patch soon. According to reports, the problem appears to have been patched in Log4j 2.15.0 and above, where the behaviour has been disabled by default. Attempts to exploit the Apache Log4j vulnerability will most likely keep evolving. The ease of exploitation combined with the popularity of the Log4j library created a vast pool of targets for attackers. Check Point released relevant protections for the Apache Log4j Remote Code Execution vulnerability to ensure our customers stay protected against these attacks.
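A defender's inventory check built on the version figure above, as an added example that is not part of the original page: it takes a list of file paths, picks out `log4j-core` JARs, and flags any release older than 2.15.0. The sample paths are constructed, and the function names and the JAR filename pattern are assumptions of this example.

```python
import re

# The page gives 2.15.0 as the release where the behaviour is disabled by default.
# Kept as a parameter so it can be raised to whatever current Apache guidance requires.
PAGE_FIXED_VERSION = (2, 15, 0)

# Assumed naming convention: log4j-core-<version>[-suffix].jar
JAR_RE = re.compile(r"^log4j-core-(\d+(?:\.\d+)*)([.-][A-Za-z][\w.-]*)?\.jar$")

def parse_jar(name):
    """Return ((major, minor, patch), has_suffix) for a log4j-core JAR name, else None."""
    m = JAR_RE.match(name)
    if m is None:
        return None
    nums = tuple(int(part) for part in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))          # pad "2.0" to (2, 0, 0)
    return nums[:3], m.group(2) is not None

def triage(paths, fixed=PAGE_FIXED_VERSION):
    """Return [(path, status)] for every log4j-core JAR found in paths."""
    findings = []
    for path in paths:
        name = re.split(r"[\\/]", path)[-1]  # handles POSIX and Windows separators
        parsed = parse_jar(name)
        if parsed is None:
            continue                         # not a log4j-core JAR (e.g. log4j-api)
        nums, has_suffix = parsed
        # A suffixed build of the fixed version (rc, beta) is treated as older.
        below = nums < fixed or (nums == fixed and has_suffix)
        findings.append((path, "needs-upgrade" if below else "ok"))
    return findings

# Constructed sample inventory, e.g. the output of a filesystem search for *.jar
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",
    "/srv/legacy/WEB-INF/lib/log4j-core-2.0-beta9.jar",
    "C:\\svc\\lib\\log4j-core-2.15.0.jar",
    "/opt/tools/lib/log4j-core-2.15.0-rc1.jar",
    "/opt/other/lib/log4j-core-2.17.1.jar",
]

if __name__ == "__main__":
    for path, status in triage(SAMPLE_PATHS):
        print(f"{status:14} {path}")
```

Filename matching only finds stand-alone JARs; copies of the library repackaged inside other archives need a scan of the archive contents.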