What is Log4j? -
Log4j is a Java library that is used to log things like user activity
and error messages within applications. It is an open source project that is distributed for free by the
Apache Software Foundation, making it very popular amongst enterprise
level businesses. As an open source project, the software is
maintained by volunteers.
Why is it in the news? -
A flaw within Apache, referred to as log4jbug or log4shell
vulnerability, has been found and is being exploited by hackers to run
malicious code remotely on targeted computers utilizing the Log4j
library. By applying their malicious code to these libraries, they can
run their attacks automatically the same way programmers use log4j for
legitimate purposes. Because this is such a widely used tool by large
and small companies alike, being downloaded millions of times, many
systems are affected or at risk. According to zdnet.com, over 40% of
corporate networks have been affected by the vulnerability so far, as
hundreds of thousands of attempts have been made by hackers to reach
vulnerable devices.
What are the hackers doing with it? -
Hackers are utilizing the flaw within the library structure to attempt
a variety of attacks. Data and identity theft are major concerns, and
many are using the vulnerability to install and run cryptomining software on infiltrated
devices. These are just a few ways that hackers can use this flaw
to harm users and the widespread use and ways that these libraries are
utilized by programmers means that new exploits will be attempted.
Who is affected? -
Considering there have been millions of downloads, it is impossible to
know every single product that is at risk from the log4j bug. Some big
name companies that are known to utilize the java library and are
therefore at risk are Minecraft, Amazon, Cisco, Twitter, IBM, Apple,
and more. As the range of users of log4j is so wide, nearly everyone
is at risk because even if they do not use log4j as a tool, it is
likely being utilized by some tool or service that everyone who
accesses the internet interacts with.
What can be done? -
CISA, the Cybersecurity and Infrastructure Security Agency, states
that the first step is to identify devices that utilize log4j and
monitor activity and functionality as these exploits are ongoing and
ever changing as hackers attempt to find new ways to use utilize these
libraries maliciously. On top of this, they suggest a strong firewall.
Apache urges users to monitor their website for the latest patches
that are released as they try to correct the vulnerabilities, as well
as upgrading to the latest version of the log4j library. Average
internet users should keep up to date with the latest cybersecurity
practices and news to stay ahead and keep themselves more
protected.