The Impact of Log4Shell

Logging is important to keep track of what is wrong with a system. However, this does not leave loggers invulnerable to cyberattacks and exploits.
April 21, 2022

Author: Eric Burdick


What is Log4j?

Log4j is part of Apache Logging Services and is used when developing software. Logging services allow users to keep track of any sort of activity on a system. Log4j is the most common and popular logging framework among massive tech companies. Companies such as Steam and Apple implement it as part of the skeleton of their framework.


The Log4Shell Exploit

Also known as CVE-2021-44228, Log4Shell was a zero-day vulnerability found in multiple versions of Apache Log4j. The vulnerability allowed attackers to remotely send code, without authenticating, that contained ransomware, or to gain access to personal information. Massive organizations were often targeted so that malicious actors could take control of the network and steal valuable information.


The Impact

Because Log4j is so widely used, many companies faced a record-high number of cyberattacks. One such example is the popular game Minecraft. Most versions of Minecraft use Log4j in their code with the vulnerability intact. Because Minecraft constantly runs online servers, users could enter lines of code to gain access to the server and its clients. Other large companies such as Google, Microsoft, and Steam were vulnerable to attackers. Logs can contain important information such as usernames and passwords.

With large-scale companies running Log4j with the Log4Shell vulnerability, there was a massive spike in cyberattacks. Certain companies were reported to have their systems taken over with botnets, worms, and even crypto-mining exploits. To counter these attacks, some companies put themselves at even higher risk by taking servers offline to prevent further damage.


Patching and Prevention

A patch was rushed out nearly a day later in an attempt to fix this vulnerability. However, because the patch was pushed out so quickly, there were easy ways to work around it that took much more time to fully solve. A total of four patches were released that relate to the Log4Shell exploit. The big issue with these patches is that some users may be completely unaware of the ongoing issue and of what Log4j is. Users and companies who lack the updated versions of Log4j are still exposed to these attacks. The solution nowadays is to update to the most recent version, which lacks the Log4Shell exploit.
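Updating only helps once every bundled copy of Log4j has been found, including copies nested inside application archives. The following inventory scan is an added example, not code from the original article or from the Log4j project; it assumes log4j-core is identified by its Maven `pom.properties` entry or its `JndiLookup` class, the function names are hypothetical, and the minimum acceptable version is supplied by the caller from the current Apache advisory.

```python
import io
import re
import zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def scan_archive(data, label, depth=0):
    """Return [(location, version, has_jndi_class)] for each log4j-core copy."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # unreadable archive: skip it, keep scanning the rest
    with zf:
        names = sorted(zf.namelist())
        if POM in names:
            m = re.search(rb"^version=(.+)$", zf.read(POM), re.MULTILINE)
            version = m.group(1).decode("utf-8", "replace").strip() if m else "unknown"
            findings.append((label, version, JNDI in names))
        elif JNDI in names:  # shaded copy: class present, metadata stripped
            findings.append((label, "unknown", True))
        for name in names:  # descend into nested archives, with a depth limit
            if depth < 8 and name.lower().endswith(ARCHIVE_EXT):
                findings += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return findings

def version_key(version):
    """Order versions by their numeric parts only: '2.9.0' -> (2, 9, 0)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def needs_update(findings, minimum_version):
    """Copies older than the caller-supplied minimum, or of unknown version."""
    floor = version_key(minimum_version)
    return [f for f in findings if f[1] == "unknown" or version_key(f[1]) < floor]

# Constructed sample (made-up versions): a web app bundling two log4j-core copies.
def _jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

SAMPLE = _jar({
    "WEB-INF/lib/log4j-core-old.jar": _jar({POM: b"version=2.1.0\n", JNDI: b""}),
    "WEB-INF/lib/log4j-core-new.jar": _jar({POM: b"version=2.9.0\n"}),
})
```

Copies reported with an unknown version are shaded or repackaged builds and need manual review, since their Maven metadata has been removed.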


Conclusion

Nowadays the issue has long died down. Log4Shell will forever go down as a massive vulnerability, with many companies facing record-high numbers of cyberattacks. This shows that any piece of software in a system could have a vulnerability that has yet to be found.


