Log4J Vulnerability is Being Attacked, Countless Services Affected

Log4J Vulnerability

For those unfamiliar Log4J, is a Java library that is used in enterprise and open-source software ranging between everything from cloud platforms to web apps and even email services. Cyber attackers are attempting to exploit a Log4J vulnerability over a hundred times a minute, which eventually, given enough time, should crack into most systems connected to the internet.

This Log4J vulnerability (via The Sun) is also known as Log4Shell is a zero-day vulnerability was revealed on December 9th, and is possible that it could allow unauthenticated remote code execution and access to its servers, basically giving up most of the bag. Countless vendors, games, and services have been affected ranging from Amazon’s AWS, Broadcom, Cisco, Fortinet, and even Minecraft.

Again since this is used in a wide variety of software this can be a very big deal. Others have reported that they are noticing attempts in the hundreds of thousands to execute code remotely using this Log4j vulnerability since this has been publicly disclosed.

One of the biggest risks is installing cryptocurrency miners or botnets to leverage the hardware for the hackers purpose. Microsoft has also warned that they may attempt to install cobalt strike on these systems which could allow users names and passwords which can be sold on the dark web.

This Log4J vulnerability will see its most frequent attacks now that it is in the wild and is public knowledge. This is even more troubling considering how deeply embedded this in in many networks and how many might be unaware of its inclusion in their software. The ubiquitous nature of Log4j makes this a very unique case and a troubling one at that. One of the most worrying statements is below.

“I cannot overstate the seriousness of this threat. On the face of it, this is aimed at cryptominers but we believe this creates just the sort of background noise that serious actors will try to exploit,”

– Lotem Finkelstein, director of threat intelligence at Check Point.

If you are wondering exactly what exactly Log4j does, it is a logging request framework for Java. As for what you a general internet user can do about this, well honestly there isn’t a whole lot.

This is Niche Gamer Tech. In this column, we regularly cover tech and things related to the tech industry. Please leave feedback and let us know if there’s tech or a story you want us to cover!

,

About


Where'd our comments go? Subscribe to become a member to get commenting access and true free speech!