On December 9, 2021, The Apache Foundation disclosed a critical security vulnerability in their Log4j utility that results in remote code execution.
Log4j in Brief
Log4j is a utility for logging error messages which is very commonly used across much of the internet. The vulnerability (designated as CVE-2021-44228 by MITRE) stems from Log4j trusting user-generated content and then not only logging that content, but also interpreting specially crafted instructions found in that content. Threat actors are therefore able to execute arbitrary code in the vulnerable system.
News articles have said that threat actors are leveraging the log4j flaw to deploy ransomware, remote access Trojans, and web shells on vulnerable systems. Several botnets have already adapted to exploit the Log4j vulnerability.
How Common Is Log4j?
The affected version of Log4j is included in Apache Struts2, Solr, Druid, Flink, and Swift frameworks. Consequently, advisories and patches have been released by Amazon Web Services, IBM, and Oracle, among others. All told, millions of software applications could be affected.
How Lumu Addresses the Log4j Vulnerability
First, Lumu detects contacts with adversarial infrastructure that are potentially related to adversaries attempting to exploit this vulnerability.
Second, Lumu systematically collects and analyzes network metadata. By doing so, Lumu gives organizations the ability to detect malicious activity related to malware families that are known to be using the Log4j vulnerability to communicate with their networks—and does so in real time.
Your Call to Action
Installing the most recent version of the Log4j utility is the paramount priority. At the time of writing, 2.16.0 is the latest version, but new versions are being released by The Apache Foundation.
Proofs of concept for the exploitation of Log4j are available in the public domain, which means that cybercriminals can access them as well. At this moment, it is critical to look for connections of adversaries trying to exploit the Log4j vulnerability, continuously monitor compromised assets, and automate response tasks associated with this threat.
At Lumu, we believe that all companies can operate cybersecurity, no matter their size. That’s why we offer Lumu Free, which allows you to immediately see if your network is speaking with adversaries exploiting the Log4j vulnerability or others.