Since last Thursday experts in cybersecurity and programmers around the world work counterreloj to mitigate the effect of one of the worst vulnerabilities ever discovered. Baptized as Log4Shell, it is a failure in the Log4J library, a module that use all kinds of programs and services in a wide variety of environments.
Log4J is what is known as a registration tool, a utility to create a file in which it is recorded by the different routines and instructions that use an application during execution. In case of failure, lets know where the problem has emerged.
It is an open source software developed in Java by the Apache Software Foundation, and is implemented in many programs and services that we use daily on the network, from the iCloud infrastructure to the Steam Game Store, passing through games like Minecraft or many Free software projects that in turn are part of more complex tools.
The fault is especially worrying about the ease with which it allows running unauthorized code in the attacked system. An attacker only needs the system to enter a code string within the events registered by Log4J to be able to install malware or launch other attacks.
These chains can be introduced very much inoffensively, such as the text of an email, which makes this vulnerability particularly dangerous. The director of the US Infrastructure Cybersecurity and Security Agency (CISA), Jen Easterly, has actually qualified as "one of the most serious, if not the most serious, of all I have seen in my career."
The situation is concerned especially in the business sector, since many custom-made applications for large and medium-sized companies use Log4J as a registration tool, and these companies do not always have the resources or have the flexibility to quickly implement the necessary changes To protect yourself
In many cases, they may not even be aware that they use this tool, since it is a small module intended for a very specific task that is often implemented within
The different pieces that make up an application. They are concerned, above all, the tools and programs created for companies and organizations in critical sectors, such as finance or energy.
Several safety agencies and companies such as Cisco or Cloudflare have detected attacks that have used this vulnerability as a vector since the beginning of December, but it is not ruled out that in some circles it was even known since much earlier. An employee of the company China Alibaba was the first to alert the Programmers of the Apache Software Foundation at the end of November.
Since the publication of the ruling last Thursday, in addition, the number of attacks has been shot in the network. Twelve hours after public vulnerability, the software company Check Point encrypt at 40,000 the number of thrown attacks taking advantage of Log4Shell. On Monday, the figure was already approaching a million.
Microsoft also points out that the type of attacker is increasingly diverse. Log4Shell has been used to install cryptomoned mining applications, to steal information or impersonate identities within a system. The company calculates that there are still hundreds of millions of vulnerable equipment around the world.Updated Date: 08 January 2022, 07:05