Log4j is an open-source logging framework used by many development teams to provide vital functionality within their apps. Java is common in Enterprise systems, IoT devices, and operational technology used to control physical machinery.
The Log4j exploit became public on the 9th of January, but cybersecurity researchers have evidence of attackers using it as early as the 1st of the month. Since the exploit became public, the number of attacks using it has skyrocketed. Researchers report that there had been 840,000 attacks as of the 12th of December. Checkpoint said they saw 100 attacks per minute from cybercriminals using the vulnerability. State actors from China, and undoubtedly other adversarial countries, are using the attack method as well as criminals. Once they have access, the attackers are doing the things they always do, such as deploying backdoors, trojans, malware, ransomware, crypto-mining, botnet activity, stealing data, and more.
The Log4j vulnerability is a big deal. The threats we all face every day can make it seem like there is always another threat we have to counter. The Log4j vulnerability is on a different scale. It allows attackers to easily gain remote control of systems built on Java that have the Log4j utility actively processing log entries. Jen Eastery, the director of CISA, said that the Log4j vulnerability was “one of the most serious I’ve seen in my entire career, if not the most serious.” We concur. It will take considerable effort to clean up and dealing with the fallout is likely to be part of the cybersecurity landscape for years or even decades to come.
To provide more information about this serious vulnerability, give pointers on what to do, and advise how to discuss it with the non-technical leadership in your organization, Critical Insight held an urgent one-hour webinar on Tuesday the 14th of December.