Log4j (CVE-2021-044228) hones in on unauthenticated remote code execution to allow hackers to retrieve information from a remote server and action it locally from their systems. This vulnerability then allows hackers to load arbitrary code onto servers and install malware to initiate attacks - reportedly 1.2 million attacks have already been executed using this method.
Due to the high number of reported cases, log4j has been given the highest security score and is found to be capable of performing many scans on Windows machines, specifically by taking advantage of the system weaknesses. Attackers use ‘netcat’, a Windows privilege escalation tool, mainly used for gaining privileges to encrypt it with ransomware.
This encryption would also allow attackers to control log messages and execute arbitrary code attacks, giving them control of the computer servers. There's also a large risk that this will lead to an increase in attacks later down the road as more hackers become familiar with the vulnerability, so the flaw could be potentially disastrous if defence mechanisms are not put in place.
You can find a list of log4j affected software here: Apache log4j Vulnerability CVE-2021-44228: Analysis and Mitigations (paloaltonetworks.com)
It's important to set up these defences against hackers. A patch against log4j vulnerability titled 2.15.0rc2 has been released in the last week and ensures safety against ransomware attacks on the system. Firms should be diligent in downloading this update and ensuring it's available on all systems throughout the organisation.
This solution is not universal, and the efficiency of the patch will depend on the internal coding of your systems. Therefore, it's important that firms take precautions in developing their own software updates for log4j to establish safe security measures that cater to your specific needs and systems.
For more insight and guidance on protecting your organisation from log4j vulnerabilities, get in touch with Nick Smith.
