Basic facts to know about one of the most serious cyber security flaws in recent years

2022 inherited one of the most severe cyber security flaws of recent years, one that is going to have a lasting impact. Log4Shell was detected in mid-December 2021 as a security gap in a Java library (Log4j) that has long been in widespread use in software across a variety of sectors.

Some of the elements that make Log4Shell a serious flaw are the following:

  • Easy exploitation by hackers,
  • Presence in a range of fields, such as production facilities, transport, hospitals and public institutions, in addition to information technology, and
  • Discovery and exploitation by hackers before cyber security experts became aware of it.

Malicious code sent to targets through this vulnerability can let hackers gain access to anything from web servers to control systems.

How is Log4Shell Exploited?

According to early observations, crypto miners tried to use the processing power of systems and servers they were able to enter through the gap. This may at first seem less harmful and less costly than ransomware or the theft of personal data; it is nonetheless worrying that hackers had unauthorized access to systems because of Log4Shell.

However, following the crypto miners, more dangerous attack types emerged. The first is the installation of a penetration-testing tool (Cobalt Strike), which hackers use to steal user names and passwords. The second is ransomware, which is already one of the most rampant cyber-attacks and can as a result become even more widespread. The third is carried out by government-sponsored hackers, who are most likely aiming at cyber espionage; evidence of this type is the Belgian Ministry of Defense's confirmation that its network was attacked through Log4Shell.

The above-mentioned cyber-attacks are the ones that were detected and reported in the past two months. While cyber security experts are looking for potential gaps and trying to remediate them, attackers are working to figure out new methods.

Is It Over?

Big technology companies and some governments acted to close the potential gaps in their systems: some strengthened their system controls, some installed the most recent updates, and some announced that organization-specific instructions had been issued. Moreover, a large number of cyber security research groups publish lists of the IP addresses of hackers who have been observed exploiting Log4Shell.

Nevertheless, considering the prevalence of applications, services and software written in Java and used by global organizations of various sizes and by individuals, it is not possible to precisely point out which systems are affected by Log4Shell. Since detection of the flaw does not necessarily mean immediate remediation, many companies are still potential targets for hackers.

Even in the best-case scenario, in which the measures are taken, it is highly likely that new vulnerabilities will emerge as a result of Log4Shell.

Conclusion

The Log4Shell vulnerability is considered one of the most serious cyber security flaws in recent years for all networks connected to computers and the internet, as it can be exploited easily by hackers, affects hundreds of millions of devices in a variety of sectors and can even allow external control of systems.

For the time being, some of the immediate measures are updating software that uses the Log4j library and hardening the relevant services. However, for the potential vulnerabilities that have not yet been discovered, the safest bet would be to ask for support from cyber security experts.
