Date: 2021-12-13

A newfound critical cybersecurity risk, named Log4Shell, has sent the IT world into a nightmarish rush to fix a vulnerability that might result in a serious cybercrime event globally. A warning was issued by the US government’s cybersecurity agency regarding a critical zero-day vulnerability in software called Log4j, which is widely used by a number of software products and apps.

The flaw can give hackers ‘unfiltered access’ to computer systems running Log4j software. The vulnerability is being called the worst security vulnerability in the last 10 years, and reportedly has a severity rating of 10 out of 10.

Experts suggest it is the most serious security flaw in recent memory. The Log4j library is embedded in almost every Internet service or application, including the likes of Twitter, Amazon, Microsoft, Minecraft and more, cybersecurity firm Check Point notes.

What is Log4j?

Reported by the nonprofit Apache Software Foundation on December 9, the vulnerability was reportedly discovered by Alibaba Group’s cloud-security team.

The software that it affects, Apache Log4j, is the most popular Java logging library and has been downloaded over 400,000 times from its GitHub project. As per Check Point, a vast number of firms around the world use the software, and it enables logging in a wide array of popular apps.

The cybersecurity company notes that the vulnerability is simple to exploit and lets hackers take control of Java-based web servers and launch remote code execution attacks.

New variants of the original exploit have been surfacing rapidly since Friday (December 10), with as many as 60 or more variations in less than 24 hours, in what has been called an evolutionary repression of the exploit.

Check Point notes, “For example, it can be exploited either over HTTP or HTTPS (the encrypted version of browsing). The number of combinations of how to exploit it give the attacker many alternatives to bypass newly introduced protections. It means that one layer of protection is not enough and only multi layered security posture would provide a resilient protection.”

How bad is it and who is affected?

The vulnerability can be categorized under the security industry buzzword “cyber pandemic”, which refers to devastating attacks that spread quickly. The vulnerability is being actively exploited by hackers in the wild, hence its zero-day status. This means that the flaw is being actively used by hackers for cyber attacks while the fixes from technology companies have not reached all the systems at risk.

Amit Yoran, the CEO of Tenable Inc., was quoted by a leading daily as saying that, among systems running the company’s vulnerability scanning products, three are reporting being affected by the flaw every second.

Hackers have reportedly been exploiting it since at least nine days before the vulnerability surfaced. As per Check Point, the company has seen an attempted exploit on over 36.8% of corporate networks globally so far.

What has happened so far?

Advisories have been published by the likes of Microsoft and Cisco about the security flaw, while several cybersecurity companies and software makers are releasing fixes and solutions to protect systems.

The flaw was acknowledged by popular gaming app Minecraft, which advised users to shut down all running processes of the game as well as the launcher. Following the patched version’s auto-download, users will have to restart the launcher.

Finally, Check Point notes that most attacks currently have been focussed on “the use of a cryptocurrency mining at the expense of the victims, however under the auspices of the noise more advanced attackers may act aggressively against quality targets.”