A vulnerability in a widely used open-source logging tool from the Apache Foundation has left millions of web applications at the mercy of cybercriminals.
The zero-day vulnerability, known as Log4Shell, is caused by a problem in Apache’s Log4j logging library and allows threat groups to launch remote code execution attacks against affected systems. Cybercriminals are currently using the vulnerability to hack into servers and mine cryptocurrencies, and could soon move on to trying to steal valuable personal data. Patching is the only solution to the problem, but tracking down all affected applications may not be that simple, experts have warned.
What is the Log4j zero-day vulnerability?
Details of the vulnerability, dubbed CVE-2021-44228, were published on GitHub on Friday, and it has since been exploited in numerous ways. The vulnerability is caused not by a bug, but a logging feature that can be exploited by criminals, explains Paul Ducklin, principal research scientist at security company Sophos. “It’s a feature that was built into this logging-for-Java program, which actually comes from Apache”, he says. Log4j is a feature that allows someone to customise their logging, continues Ducklin. “It’s a fantastic feature that makes your logging super easy,” he says. “Unfortunately, somebody figured that it also makes it very easy for almost anybody who wants to exploit this.”
Log4j is used by millions of web applications, including Minecraft, Apple iCloud, Twitter and Steam. It is widely deployed in enterprise tech and as part of cloud platforms, and as a result data from businesses around the world which use these services could potentially be accessed by criminals. “The bulk of attacks that Microsoft has observed at this time have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers,” says the Microsoft 365 Defender Threat Intelligence Team in their analysis. This vulnerability is dangerous because, Ducklin says, it is “extravagantly exploitable”.