What is Log4j? -
Log4j is a Java library that is used to log things like user activity and error messages within applications. It is an open source project that is distributed for free by the Apache Software Foundation, making it very popular amongst enterprise level businesses. As an open source project, the software is maintained by volunteers.
Why is it in the news? -
A flaw within Apache, referred to as log4jbug or log4shell vulnerability, has been found and is being exploited by hackers to run malicious code remotely on targeted computers utilizing the Log4j library. By applying their malicious code to these libraries, they can run their attacks automatically the same way programmers use log4j for legitimate purposes. Because this is such a widely used tool by large and small companies alike, being downloaded millions of times, many systems are affected or at risk. According to zdnet.com, over 40% of corporate networks have been affected by the vulnerability so far, as hundreds of thousands of attempts have been made by hackers to reach vulnerable devices.
What are the hackers doing with it? -
Hackers are utilizing the flaw within the library structure to attempt a variety of attacks. Data and identity theft are major concerns, and many are using the vulnerability to install and run cryptomining software on infiltrated devices. These are just a few ways that hackers can use this flaw to harm users and the widespread use and ways that these libraries are utilized by programmers means that new exploits will be attempted.
Who is affected? -
Considering there have been millions of downloads, it is impossible to know every single product that is at risk from the log4j bug. Some big name companies that are known to utilize the java library and are therefore at risk are Minecraft, Amazon, Cisco, Twitter, IBM, Apple, and more. As the range of users of log4j is so wide, nearly everyone is at risk because even if they do not use log4j as a tool, it is likely being utilized by some tool or service that everyone who accesses the internet interacts with.
What can be done? -
CISA, the Cybersecurity and Infrastructure Security Agency, states that the first step is to identify devices that utilize log4j and monitor activity and functionality as these exploits are ongoing and ever changing as hackers attempt to find new ways to use utilize these libraries maliciously. On top of this, they suggest a strong firewall. Apache urges users to monitor their website for the latest patches that are released as they try to correct the vulnerabilities, as well as upgrading to the latest version of the log4j library. Average internet users should keep up to date with the latest cybersecurity practices and news to stay ahead and keep themselves more protected.