Log 4j Vulnerability - Here’s What Tech Firms Should Do To Avoid Exploitation

If you have not assessed your security systems or not taken a hard look at your servers recently then you should do it ASAP. Because you might be vulnerable to the new lethal log4j vulnerability which has prompted national security agencies all around the globe to issue warnings, including the Cybersecurity and Infrastructure Security Agency (CISA), National Cyber Security Center of the UK, and Germany’s consortium of cybersecurity watchdogs. 

This dangerous software vulnerability called Log4j shell was first discovered by a member of Ali Baba’s cloud security team. It has impacted the likes of iCloud, Minecraft, and Steam. Thus, posing a real threat to businesses in general too. This vulnerability is being tracked as CVE-2021-44228.

Also, Log 4j shell is zero-day which makes it more dangerous, which means that the vendor or developer has just recently learned about the flaw and they have zero-day to fix it. Zero-day attacks are extremely dangerous because hackers can exploit the flaw before developers have a chance of mitigating or addressing it. The vulnerability thus has huge potential as logging untrusted or user-controlled data with the vulnerable version of Log 4j  might result in Remote Code Execution (RCE) against your application. With the inclusion of untrusted data provided in logged errors such as authentication failures, exception traces, and other unanticipated vectors of user-controlled input.

The vulnerability discovered in the open-source logging Log 4j library also caused the internet to tremble in the last few days. The virus has affected the systems depending upon how widespread the library used is and how exploitable the security system is. Other than this the bug allows the hackers to get into the computer systems where they can steal data and introduce malware etc.

Joe Sullivan, the chief security officer at the website security  company Cloudflare explained the risk of this vulnerability and told the Associated Press that "I'd be hard-pressed to think of a company that's not at risk." Marcus Hutchin, the computer security researcher and white-hat hacker also known for his role in halting the WannaCry ransomware attack of 2017, termed the vulnerability as “extremely bad”.

Joe and Hutchins are right about the magnitude of destruction this bug can unleash because the majority of devices with internet access are immensely vulnerable if they are running on the affected version of Log 4j. 

Also, one of the first places to showcase the flaw was Minecraft. Hutchins also explained on Twitter that Minecraft users got remote code execution on the game’s servers after sending over a short message into a chat box.

But what is the fastest way to save your system? Well, Jen Easterly the Cyber Security Agency Director offers an immediate solution in her recent statement that all organizations should right away update their systems. She further said that organizations should “upgrade to log 4j version 2.1.5.0 or apply their appropriate vendor recommended mitigations immediately." Moreover, in regard to security measures taken, "We are moving towards mitigation of this vulnerability and detecting any associated threat activity," she said. 

What is Log 4j?

Log 4j is open-source software that is maintained by a group of volunteer programmers as a part of the Apache Software Foundation, a non-profit organization, and is also a major Java login framework.

Apache in its security advisory also noted that this issue was first confirmed by the Alibaba Group Holding Ltd’s security researcher.

What Major Companies Are Doing To Fix It?

Tech giants like Microsoft Corp and Cisco Inc are facing pressure for the fixture of what experts term one of the most dangerous software flaws in recent history.

Cisco and Microsoft both have published guidance about the flaw and developers have also released the fix late last week. Oracle has also announced and released a patch for the flaw as well.

"Due to the severity of this vulnerability and the propagation of exploit code on various sites," the company stated, "Oracle strongly recommends that customers implement the updates provided by this security alert as soon as possible."

IBM has also come on the front to bust the bug with the confirmation of actively working on responding to the Log4j vulnerabilities across its products and infrastructure.

What Should Tech Firms Do To Prevent Any Exploitation?

The security agencies like NSCS and CISA have recommended some guidelines to help companies. In addition to this, Microsoft has also released a comprehensive framework.

CISA recommends the categorization of the external-facing devices with Log 4j installed making sure that a web application firewall (WAF) is installed with rules specifically focused on Log 4j.

NCSC  also recommends updating to version 2.15.0 or later, and where it is impossible-mitigating the flaw in Log4j 2.10 and later by setting system property "log4j2.formatMsgNoLookups" to true or deleting the JndiLookup class from the classpath. 

Another part of the challenge will be the identification of software harboring the Log4j vulnerability. NCSC in this regard has also posted a comprehensive A-Z list on GitHub which contains a list of affected products, the vulnerable ones, or under investigation. Thus the list manifests the reality of the widespread vulnerability of products such as cloud services, developer services, mapping services, etc.

Microsoft also recommends its users switch to cloud-delivered protection in Microsoft Defender Antivirus in order to cover the rapidly growing attacker techniques and tools. The cloud-based machine learning protections halt the majority of new and unidentified variants.  The Microsoft Defender Antivirus identifies and detects the behaviors in relation to threats as following detection names.

On Windows

1. Trojan:Win32/Capfetox.AA– 
2. HackTool:Win32/Capfetox.A!dha 
3. VirTool:Win64/CobaltSrike.A
4. TrojanDropper: PowerShell/Cobacis.A
5. TrojanDownloader:Win32/CoinMiner 
6. Trojan: Win32/WebToos.A  

And on Linux

1. Trojan:Linux/SuspectJavaExploit.A, Trojan:Linux/SuspectJavaExploit.B, Trojan:Linux/SuspectJavaExploit.C 
2. Trojan: Linux/BashMiner.A 
3. TrojanDownloader: Linux/CoinMiner 
4. TrojanDownloader:Linux/Tusnami 
5. Backdoor:Linux/Tusnami.C 
6. Backdoor:Linux/Setag.C 
7. Exploit:Linux/CVE-2021-44228.A, Exploit:Linux/CVE-2021-44228.B 

In the end, the maintainers of Apache Log4j have also released a new version 2.15.0 within a day of the Proof of Concept (PoC) surfacing on GitHub and Twitter and also the mitigation steps for those who are unable to immediately update.