Apache Log4j vulnerability: Attack levels remain high in the new year
Date published: 12 Jan 2022
Last month a critical vulnerability in the Apache Log4j software was reported. Despite a number of patches already being released, it has been widely reported that bad actors are continuing to find new ways to exploit the Log4Shell vulnerability.
Log4j is responsible for recording system operations and errors and provides a mechanism to generate diagnostic messages to users and administrators of the system. The software is widely used and is provided by the Apache Software Foundation.
The Log4Shell defect has enabled attackers to execute malicious code on target computers remotely. Hackers are able to use this to steal the target’s data, control the system or install malware.
The first patch was released on December 6, but this failed to fix part of the vulnerability, causing CVE-2021-44228. A second patch was released on December 16 to address this and a third was released a day later to address the related CVE-2021-45105 vulnerability.
Finally on December 28 a fourth patch was rolled out to fix another related vulnerability, CVE-2021-44832.
In response, the US Cybersecurity and Infrastructure Security Agency (CISA) released an Emergency Directive that required all federal civilian agencies to take immediate action. Agencies were given until December 23 to update assets with all provided patches, follow outlined mitigation measures or remove affected assets from agency networks.
By December 28, agencies were also required to report all affected software applications and confirm what action had been taken.
Just before the New Year, Microsoft released their new Log4j dashboard to manage threats and vulnerabilities in the Microsoft 365 Defender portal. CrowdStrike also released their scanner for Log4j and vendors such as Cisco and VMware released patches for their affected products.
One common attack that has been reported is bad actors, possibly state-sponsored, taking control of computers to mine for cryptocurrency. There have also been numerous reports of botnets being used to overwhelm websites with spam or high traffic.
Use Nipper to check your devices for Log4j
Titania Nipper is unaffected as it does not use the affected Log4j Java library, and the software can be used to check whether your supported devices are vulnerable. See our instructions for how to update Nipper resources and run a vulnerability audit.