Log4j Vulnerability: A True Cyber Pandemic

log4j vulnerability

One of the most serious internet vulnerabilities in the new millennium was identified two weeks ago and it is predicted to stay in the following years.

In fact, ANZ is the region with the most affected corporate networks since the Log4j vulnerability was reported.

So, what percentage of the internet is vulnerable to log4j?

Let’s get into details.

What is Log4J Vulnerability and Where Did it Come From?

There were 160 cybercrimes reported every day in 2020, so one may ask why is everyone making such a big deal out of this one. Whereas most attacks involve a limited number of softwares, Log4J is embedded in every Java product or web service, making it impossible for manual remediation.

It was initially reported on the 9th of December and since then, many attackers have found a way to exploit it, making it a truly unexpected cyber pandemic.

  • Within only 72 hours of the outbreak, there have been over 800,000 attacks all around the world.
  • Some cybersecurity firms were even logging as many as 100 log4j attacks per minute, which is very alarming.

(Australian Cyber Security Magazine)

Why is it Considered a Cyber Pandemic?

This Java-coded software was created by Apache Software Foundation and is compatible with all three platforms–Windows, macOS, and Linux. The reason why it led to an attack lies in its open-source nature since the users were able to troubleshoot issues with a built-in log or activity record.

In fact, Australia and New Zealand have seen the highest impact on corporate networks.

  • ANZ 54.2%
  • Europe 51.2%
  • Latin America 49.1%
  • Africa 49%
  • Global average 48.3%
  • North America 45.7%
  • Asia 44.4%

The Log4j Consequences

How are Hackers Exploiting Log4j Vulnerability?

This widespread vulnerability has another problem: it allows easy-to-exploit RCE (remote code execution). This means the attacker only needs to send a malicious string, which the server could easily log.

For example, iPhone users could trigger it by changing their phone names, whereas Twitter users could change their usernames. For Minecraft users, it only takes as much as using the chat function.

If you wondered what is the impact of Log4j vulnerability, you can see, that is affecting different systems and users, especially since the attackers are experimenting with it and therefore spreading it. In fact, the variations of this exploit are growing at a record pace, with over 60 of them only within the first 24 hours.

Which Industries are the Most Affected?

The log4j vulnerability stats show that all the crucial industries have been targeted, with Education/Research organizations experiencing the highest number of cyber attacks.

  • Education/Research 50.9%
  • ISP/MSP/SI/VAR/Distributor 57.9%
  • Finance/Banking 53%
  • Government/Military 50.2%
  • Healthcare 49.6%

Some of the biggest tech companies are at high risks, such as Microsoft, Google, Minecraft, Oracle, Cisco, Apple, IBM, and more.

The vulnerabilities in Log4j affect many cloud services and enterprise products from major companies, including Cisco, VMware, and Red Hat. According to research shared to VentureBeat by Wiz, the vulnerabilities impact 93% of all cloud environments, though only 45% of vulnerable cloud resources have been fixed at this time.

(Venture Beat)

What to do About Log4j?

How is the Tech Industry Responding?

Many global security companies are inviting users to take action. For each security software is now mandatory to include this zero day vulnerability into their identified signatures and to provide enhanced protection to customers’ devices. One thing’s for sure – one-layered protection is definitely not sufficient for this attack.

What is a zero-day vulnerability?
A zero-day vulnerability is a software vulnerability that has been discovered but not yet fixed in a system or device.

General advice for organizations is to update their systems as soon as possible or install an application patch. The new Apache Log4j 2 was released and guarantees to eliminate existing issues. Individual companies, such as Microsoft, are releasing official statements and guides for their users on how to apply updates.

Are There Any National Agency’s Action Plans?

Yes, national actions plans have started to show up, with one of the first being in the US. Their government has released mitigation guidelines for civilian agencies and organizations to act on Log4j, and it’s expected for countries worldwide to do the same and thus help in the management of this evolving e-threat.

In Australia, these are the recommendations from experts:

  • Organisations should invite their vendors to apply the newest patches and upgrade to Log4j 2.17.0.
  • Organisations should check if any in-house software uses Log4j to the current version.
  • If upgrading is not an option, organisations should disable the JndiLookup class.

What Customers Need to Know?

As long as you’ve enabled system updates, your web apps should stay safe. However, if you’re still not using any security software, you’ve exposed yourself to this threat with no added protection. If you just started thinking about adding one, make sure you choose an option that includes a Firewall.

Decent antivirus software should protect you from viruses and secure your privacy. It should also advise you on how to make safe decisions while installing applications or sharing data.

It’s best to equip yourself with the features to look out for when selecting antivirus software.

If you as an individual or as a part of an organization were impacted by this vulnerability or need assistance in preventing it, you may contact Australian Cyber Security Hotline (ACSC) for help on this matter.

Sources:

Leave a Reply

Your email address will not be published. Required fields are marked *