Log4j threats: Everything you should know about

Log4J is the worst vulnerability in the last 10 years and hence it is not a surprise.

You must have heard a lot about the Log4j vulnerability till now!
Presently, it is also the mostly searched technical keyword on Google when it comes to security.

Let me explain the problem in simple words.

- It is a threat detected in the Log4j library of Java.
- Nov 24th, 2021: First, Alibaba Cloud Security team disclosed this vulnerability to Apache.
- Dec 9th, 2021: The vulnerability formally designated CVE-2021-44228 was revealed on Twitter.
- December 10: UK NCSC warned UK organizations about Log4j.
- December 11: CISA director remarked on “urgent challenge to network defenders”
- December 14: Second Log4j threat with denial-of-service threat was identified and new patch was released as mitigation.
- December 17: Third Log4j vulnerability was detected and a new fix was released.
- December 20: Log4j was exploited by the hackers to install Dridex and Meterpreter.

What is Log4j?
Apache Log4j is a Java-based logging library originally written by Ceki Gülcü. It is a project by Apache Software Foundation and a part of the Apache Logging Services.

How Log4j can affect you?
Read our blog to understand how to mitigate Log4j vulnerabilities. https://aaic.cc/mmrk

The Log4j vulnerability can affect a prevalent component that is not popular or not known by everyone. The new name of this bug is Log4jshell.

More than 13 billion devices around the world run on Java and Log4jshell is affecting all the devices that are using a specific version of Log4j.

Being a high-level object-oriented language, Java is widely used. For example, if you are playing Minecraft, you are using Java, if you are using android phones, you are using Java, and if you are using smart TVs, you are using Java.

Not all Log4j versions are vulnerable!

Only the devices running Apache Log4j with versions from 2.0 to 2.14.1 are vulnerable to this risk. As per NCSC, the affected version i.e. Log4j2 is contained in Struts2, Apache Solr, Druid, Swift, and Flink frameworks.

The logging library of Log4j comprises various logging information like date, time, user name, and many more from the chatroom, web server logs, etc.

But hackers are attacking this library with remote code execution (RCE). This means the hackers are trying to fetch the value in a form from a remote site.

Generally, they point a URL to a Java class, fetch the code and insert it into a memory. The code runs without getting checked for legitimacy and Voila ! You are hacked.

Real things we have done for our customer to mitigate Log4j threats:-
Two of our prime customers got affected with Log4j vulnerabilities. But thanks to our prompt IT security team. For one of the customers, we have upgraded the Log4j library version.

On the other hand, our certified team of AWS experts configured AWS Web Application Firewall (WAF) in their cloud environment.
Our prompt and strategic action saved our customer’s business continuity.

As a leading AWS consulting partner, we are happy to share that Amazon OpenSearch Service released a service software update – R20211203-P2. It comprises an updated version of Log4j2 for all regions. And we are helping all of our customers in updating their OpenSearch clusters to this release.

To know more talk to our AWS security experts@ https://aaic.cc/1ax4

Sky Loft, Creaticity Mall, Off, Airport Rd, opposite Golf Course, Shastrinagar, Yerawada, Pune, Maharashtra - 411006

We are automation experts, with an AWS-certified team comprising 60% of our workforce. We assist you in applying intelligence to cloud and DevOps, as our name suggests.

Our AWS certified experts create high-performing cloud apps by utilising intelligent components and smart integrations to accelerate your digital transformation journey.

This release was published on openPR.