Millions of servers are at risk from the Log4Shell vulnerability

Security teams at companies large and small are trying to fix a previously unknown vulnerability called Log4Shell, which could allow hackers to infiltrate millions of devices across the Internet.

When exploited, it enables remote code execution on vulnerable servers, allowing attackers to import malware that could potentially harm a device.

The vulnerability was discovered in log4j, an open source logging library used by online applications and services.

Logging is a process in which applications keep a running list of the activities they have performed so that they can be viewed later in the event of an error.

Almost all network security systems perform some type of logging, which gives popular libraries such as log4j an extensive reach.

Marcus Hutchins, a security researcher known for stopping the global WannaCry malware attack, pointed out that millions of applications on the Internet are affected.

Hutchins tweeted: Millions of apps use Log4j to register, and the attacker only needs to register the app as a private channel.

The vulnerability first appeared on the site hosting the Minecraft server. Attackers could trigger the vulnerability by posting chat messages.

A tweet posted by security analysis firm GreyNoise stated that multiple servers were found scouring the internet for vulnerable hardware.

A blog post from application security company LunaSec mentioned that some services are vulnerable to such attacks. Cloud services like Steam and iCloud have proven to be vulnerable.

To exploit this vulnerability, the attacker would have to get the application to store a special string in its log.

And since the app often logs various events, the vulnerability is easy to exploit. It can also be used in different ways.

Log4Shell vulnerability makes way for code execution

Cloudflare's CTO said, "Because of the widespread use of Java and this log4j package, this is a very serious problem. There are a large number of Java programs associated with the Internet and back end systems."

He added, "In the past 10 years, two equally severe vulnerabilities have emerged, namely Heartbleed and Shellshock."

The first vulnerability allows information to be obtained from a trusted server. The second vulnerability allows code to run on a remote computer.

However, given the variety of applications at risk and the range of possible delivery mechanisms, firewall protection alone cannot eliminate the risk.

Theoretically, the attack could be carried out by hiding the attack string in a QR code that is scanned by a parcel delivery company. This means that the attack string does not have to be sent directly over the Internet to reach the system.

An update to the log4j library has been released to mitigate the security issue. However, until all vulnerable devices are updated, Log4Shell remains an urgent threat.
