Log4j: The security vulnerability affecting every corner of the internet
December 22, 2021
A major cybersecurity vulnerability, known as the Log4j vulnerability, is impacting nearly all of the internet, sending everything from financial institutions to government entities scrambling to patch their systems before cybercriminals and nation states can launch cyberattacks. (Source)
Log4j is a chunk of code that helps software applications keep track of their past activities. Instead of reinventing a “logging” — or record-keeping — component each time developers build new software, they often use existing code like log4j instead. It’s free on the Internet and very widely used, appearing in a “big chunk” of Internet services.
Each time log4j is asked to log something new, it tries to make sense of that new entry and add it to the record. A few weeks ago, the cybersecurity community realized that by simply asking the program to log a line of malicious code, it would execute that code in the process, effectively letting bad actors grab control of servers that are running log4j.
Log4j is part of the Java programming language, which is one of the foundational ways software has been written since the mid-90s. Huge swaths of the computer code that modern life runs on use Java and contain log4j. Cloud storage companies such as Google, Amazon and Microsoft, which provide the digital backbone for millions of other apps, are affected. So are giant software sellers whose programs are used by millions, such as IBM, Oracle and Salesforce. (Source)
Most hacking attempts using Log4j so far have involved attackers trying to install cryptocurrency “mining” software on victims’ computers. However, an Iranian hacking group called “Charming Kitten” has also tried to use the vulnerability to breach government agencies and businesses in Israel, according to the cybersecurity company Check Point. (Source)
To take advantage of the vulnerability, hackers have to deliver malicious code to a service running log4j. Phishing emails — messages that try to coerce you into clicking a link or opening an attachment — are one way to do so. If you receive an email saying that your account has been compromised or that your credentials are needed to recover something, do not open any links or attachments. If you believe this message may be credible, find a real customer service number or address online and reach out directly.