The Apache Log4j utility is a popular and commonly used component for logging services. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow an attacker to execute any code they choose.
This could be the most serious vulnerability ever discovered and has a rating of 10/10 on the CVSS scale, which is as bad as it gets. It is a remote code execution (RCE) vulnerability that is easy to exploit; once access is gained, it allows attackers to run arbitrary code, install malicious software, exfiltrate sensitive data, and take control of your machine.
“one of the most serious I’ve seen in my entire career, if not the most serious” – Top U.S. cybersecurity defense official, Jen Easterly.
Apache Log4j is a Java-based logging utility and part of Apache Logging Services, a project of the Apache Software Foundation. It is widely used open-source software that is interconnected with many applications and services and is commonly used by commercial software developers. Everything from enterprise control systems and vehicle navigation to web servers and consumer electronics is at risk. It is installed across platforms such as Windows, Linux, and Apple’s macOS. The challenge is that identifying which systems may be compromised can be difficult, as Log4j is often hidden under layers of other software or in undocumented folders.
Cybercriminals have developed malware that allows attackers to hijack computers for large-scale assaults on network infrastructure, while other attackers have installed software to mine cryptocurrency on compromised systems.
What to Expect in the Coming Days, Weeks, Months
One of the first attacks using the vulnerability involved the 3D world-building game Minecraft. Cybercriminals were able to take control of one of the servers before Microsoft, which owns Minecraft, could address and patch the flaw. This type of bug is called a zero-day vulnerability: one for which security professionals had not developed a patch before it became known and potentially exploitable.
Similar attacks should be expected to surface soon. Much of the tech industry is working around the clock to develop patches before the vulnerability can be exploited by cybercriminals. The US government has warned companies to be aware that there may be cyber attacks over the holidays, to examine their current cybersecurity posture, and to implement best practices and mitigations to manage the risk posed by cyber threats.
The impact of this vulnerability is far-reaching: the Log4j vulnerability even affects the Mars rover, and it will affect the internet, networks, and machines for years to come. Attacks that leverage ransomware or other attack types, exploited by malicious hacker nations, may come soon, leaving all on high alert.
This critical vulnerability requires immediate action. Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 are vulnerable. If you’re running one of these versions, you need to upgrade urgently to the latest version, where this vulnerability has been addressed. More details can be found on the nvd.nist.gov website.
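Because Log4j is often buried inside other software, an inventory has to open archives within archives. The sketch below is an added example, not code from this article, Crest Data Systems or Apache; it flags log4j-core copies whose version falls in the ranges listed above. It assumes the copy still carries its Maven pom.properties file, and all function names are illustrative.

```python
import io
import os
import re
import zipfile

# Vulnerable ranges exactly as listed in the paragraph above (inclusive bounds).
VULNERABLE = [("2.0-beta9", "2.12.1"), ("2.13.0", "2.15.0")]
ARCHIVES = (".jar", ".war", ".ear", ".zip")
# Assumption: the jar keeps its Maven metadata; repackaged (shaded) copies may not.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text):
    """'2.0-beta9' -> sortable tuple; pre-releases sort before the release."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", text.strip())
    if not m:
        return None
    stage = {"alpha": 0, "beta": 1, "rc": 2, None: 3}[m[4]]
    return (int(m[1]), int(m[2]), int(m[3] or 0), stage, int(m[5] or 0))

def is_vulnerable(version):
    v = parse_version(version)
    return v is not None and any(
        parse_version(lo) <= v <= parse_version(hi) for lo, hi in VULNERABLE)

def scan_archive(data, label):
    """Yield (location, version, vulnerable), descending into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for name in zf.namelist():
            if name.endswith(POM):
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    yield label, m[1].strip(), is_vulnerable(m[1])
            elif name.lower().endswith(ARCHIVES):
                yield from scan_archive(zf.read(name), f"{label}!/{name}")

def scan_tree(root):
    """Walk a directory tree and scan every archive found under it."""
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, f)
                try:
                    with open(path, "rb") as fh:
                        yield from scan_archive(fh.read(), path)
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
```

Call scan_tree on an application or install directory and review each (location, version, vulnerable) tuple it yields. A copy of Log4j repackaged without its Maven metadata will not be reported, so an empty result is not proof of absence.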
At Crest Data Systems, we are actively helping our customers to address this vulnerability and would like to share our learnings so you can perform similar measures in your own environment.
There are two methods that you can use immediately to detect if your system is compromised,
Mitigate future attacks and exploitations of this flaw by performing the below,
Crest Data Systems is proactively engaging with customers to ensure we mitigate the risk and provide additional information as the situation evolves. We upgraded all our apps in a record-breaking short amount of time in order to secure our customers’ environments. We actively scanned all our apps, identified the affected components, and are working with our customers to ensure the remediation steps are taken to resolve this issue.
Please contact Crest Data Systems support for any questions or further assistance with applying the mitigation steps described above.
Start with these resources for updates,