Industry experts say Log4Shell to a server that supports the game Minecraft. A few days after discovering the vulnerability, the rogues have exploited it millions of times-try the Log4j 2 Java library, according to the team tracking the impact. This vulnerability is a potential threat to millions of other applications and devices around the world.
Log4Shell is an internet vulnerability that affects millions of computers and is ambiguous, but involves Log4j, an almost ubiquitous software. This software is used to record all kinds of activities that take place inside different computer systems.
Jen Easterly, US Director Cybersecurity & Infrastructure Security Agency, described Log4Shell as the most serious vulnerability she’s seen in her career. There are hundreds of thousands and even millions of attempts to exploit this vulnerability.
An attacker could exploit this vulnerability by using text messaging to remotely control a computer. The Apache Software Foundation, which publishes the Log4j2 library, has given this vulnerability a CVSS score of 10 out of 10 because it is easily exploited by malicious attackers. This is the highest severity score. As damage control evolves and damage expands, the basics of Log4Shell’s vulnerability remain the same.
Alibaba security researcher Chen Zhaojun, China’s largest e-commerce company, first reported a vulnerability to the Apache Foundation (open source project) on November 24th. They discovered an attack on the server hosting the game Minecraft on December 9th. Further forensic analysis revealed that cybercriminals discovered this vulnerability early and have been exploiting it since at least December 1, 2021. So what is the humble part of this internet infrastructure?
How can hackers abuse it, and what kind of confusion can occur?
What is Log4j doing? Log4j records events (errors and routine system operations) and sends diagnostic messages about them to system administrators and users. This is open-source software provided by the Apache Software Foundation. A common example of Log4j working is when you enter or click on a broken web link and receive a 404 error message. The web server running the domain of the weblink you are trying to access will notify you that there is no such website. Also, use Log4j to log this event in the server’s system administrator’s log.
Similar diagnostic messages are used in all software applications. For example, in the online game Minecraft, the server uses Log4j to log activity such as total memory used and user commands entered in the console.
How does Log4Shell work?
Log4Shell works by exploiting Log4j’s ability to allow users to provide custom code for formatting log messages. With this feature, for example, if Log4j contains a directory that links your username and real name to another server, as well as the username associated with every attempt to log in to the server, you can also log your real name. To do this, the Log4j server needs to communicate with the server that contains the real name.
Unfortunately, this type of code is not just for formatting log messages. Log4j allows third-party servers to deliver software code that can perform any kind of action on the target computer. This opens the door to malicious activities such as stealing sensitive information, controlling the target system, and distributing malicious content to other users who communicate with the affected server.
Using the Log4Shell is relatively easy. A copy of Ghidra, a reverse engineering framework for security researchers, was able to reproduce the problem in just minutes. There are very low restrictions on the use of this exploit. This means that a wide range of malicious people can use this exploit.
Log4j is everywhere
One of Log4Shell’s main concerns is the location of Log4j in the software ecosystem. Logging is a basic feature of most software, and Log4j is very common. In addition to popular games like Minecraft, it is used in cloud services such as Apple iCloud and Amazon Web Services, as well as a wide range of programs from software development tools to security tools.
This means that hackers have a wide range of targets. Home users, service providers, source code developers, and even security researchers. Large companies like Amazon can quickly patch web services to prevent hackers from misusing them, but organizations that are taking a long time to patch their systems, or even know they need it. Not all organizations.
How does the Log4Shell vulnerability cause damage?
Because the Log4j 2 library can communicate with other sources and internal directory services, an attacker could easily send an external malicious command to Log4j 2 to download and execute dangerous code from the malicious source. You can send it.
How an attacker can exploit Log4j2 depends on the details of the affected system. So far, most of the malicious activity has been a mass scan of vulnerable systems using fingerprints. According to Microsoft reports, an attacker could use this vulnerability to compromise the virtualization infrastructure, install and run ransomware, steal system credentials, and gain complete control over the compromised network. I stole the data. As more and more reports of potential exploitation of the
Log4Shell increases, opportunities for malicious activity become more exponential. A malicious attacker could execute arbitrary code on the attacked system to access sensitive configuration data, for example. Capturing this data gives an attacker complete control over the system and all its data and applications. It’s like a thief holding a combination of a front door key and a vault.
Software repair time estimates typically range from weeks to months. However, if past behavior is an indication of future performance, the Log4j vulnerability could appear in the coming years. As a user, you’re probably wondering what you can do about it. Unfortunately, it’s difficult to determine if your software product contains Log4j and if you’re using a vulnerable version of the software. However, you can help by following the usual advice from a computer security expert. Make sure all software is up to date.
So, how was it, smart people? Doesn’t it makes you more aware to the Cybersecurity and how bad your devices are without the awareness of it?
Author: Diva Maharani | Illustrator: Akbar Nugroho