What is Log4Shell and what kind of damage can it do?
4 min read
Log4Shell is a vulnerability in Log4j, a Java-based logging utility, which gained the limelight in the last months. Various threat actors have already tried to exploit this bug, causing alarm among cybersecurity experts. Should you be concerned about Log4Shell?
How does Log4j work?
Log4j is a library responsible for logging used by millions of programs. It helps to track what’s happening in a specific application and sends diagnostic messages for IT administrators.
Let’s say you want to access a certain server but enter the wrong credentials and receive a 401 error message. The server tells you that you’re not authorized to access the resources you want and records this event with Log4j. This way, system administrators can learn that an unauthorized login attempt was made and investigate the situation.
In December 2021, a vulnerability was found in Log4j that allows hackers to insert malicious code into a system and perform various activities, such as stealing data, spreading malware, or taking control of a target. This vulnerability was called Log4Shell and received the CVE number CVE-2021-44228.
What kind of damage can Log4Shell do?
As soon as Log4Shell was discovered, various threat actors started to exploit this vulnerability. Microsoft has announced that multiple nation-state activity groups from China, Iran, North Korea, and Türkiye have been observed utilizing Log4Shell.
Hackers have tried to gain access to various networks and then sell that access to ransomware-as-a-service affiliates. This means they don’t launch ransomware attacks themselves but sell access to other wrongdoers, who then deploy ransomware. These groups have also attempted to exploit Log4Shell vulnerability in Windows and Linux systems, which may eventually increase the number ransomware attacks on their users.
In January, the UK’s National Health Service (NHS) issued a warning that hackers are targeting VMware Horizon servers. This may lead to data theft, malware distribution, and deployment of ransomware.
Hackers have also reportedly targeted servers of the popular video game Minecraft. CISA (Cybersecurity and Infrastructure Security Agency) director Jen Easterly said that Log4Shell will be used in intrusions “well into the future.”
How common are software vulnerabilities?
There were more than 18,000 vulnerabilities discovered and published on the US government’s National Vulnerability Database (NVD) in 2020. At the time of writing, the database contains 168,000 entries in total.
They are divided into low, medium, and high (critical) risk. Log4Shell is considered a critical vulnerability, meaning that it can have a tremendous impact on internet users.
At the time of discovery, Log4Shell was classified as a zero-day vulnerability, which implies that threat actors may have known about it before it was found. However, it’s still unclear whether hackers managed to exploit Log4Shell before cybersecurity experts made the discovery public.
How to protect yourself from Log4Shell
Since the infamous vulnerability was detected, various patches were released to eliminate risks. Companies that use applications relying on Log4j should update their software immediately. We recommend scanning all your programs and updating the most important ones for your organization first.
It’s also important to pay close attention to any suspicious activity on your network, so if anything happens, you can mitigate the threat effectively.
