The Log4Shell Data Breach: Third-Party Security Vulnerability Found in Popular Logging System

Blog post Zachary Jarvinen 2022-01-10

Since Dec. 10, 2021, cybersecurity experts have been scrambling to contain the exposure of businesses and other organizations to the Log4Shell, a critical third-party security flaw found in Apache Log4j 2. The vulnerability was first discovered in the servers of the sandbox video game Minecraft. Meanwhile, researchers have found that hackers have already made millions of attempts to exploit the zero-day Log4j 2 Java library loophole.

Apache Log4j 2 is a popular open-source error message logging system used by thousands of businesses and organizations worldwide, including Google, Twitter, and Microsoft. That means the third-party vulnerability has exposed millions of devices, web servers, public services, and apps to potential breaches.

What is Log4j 2?

So, how could the vulnerability impact your organization? To get the answer, it is essential to understand Log4j 2. Apache Log4j 2 is the leading error logging system that companies integrate into their apps to track and communicate problems encountered by users. It constantly monitors errors, from basic browser issues to complete technical information about the device or app running the software.

The Log4j 2 library not only records or communicates error messages but also implements commands to gather in-depth details about the logged errors. The system liaises with other elements like the internal directory to make this happen.

Ramifications of the Log4Shell Data Breach

The Log4Shell software flaw allows malicious actors to remotely hijack devices connected to the internet and operating specific versions of Log4j 2. Hackers could easily capitalize on the vulnerability with the help of text messages and seize control of your devices, systems, and apps.

The omnipresent nature of the Log4j 2 library makes the risk even more dangerous. Given that large and renowned companies and services like Amazon Web Services, VMWare, Google, and Microsoft rely on the Log4j 2 library, patching can be a sophisticated and strenuous process. Plus, how easily bad actors could exploit the loophole makes its consequences even more alarming.

Technically speaking, the Log4j 2 library manages the logging of error messages and code threads. As such, the security flaw allows hackers to take command of a piece of information, causing the app to implement malicious activities. For instance, the system works together with other sources like directory services. In that case, malicious actors can exploit the flaw to install codes from dangerous external sources.

But how specifically hackers could capitalize on the Log4Shell vulnerability can differ from one affected device to another. Until now, the commonly detected malicious activities resulting from the breach, according to Microsoft, include:

  • Ransomware execution.
  • Logging credential theft.
  • Data exfiltration.
  • Compromising of virtualization frameworks.
  • Taking control of weak networks and more.

Effects of the Log4Shell on Consumers

As stated above, businesses and other organizations run the Log4j library across their apps and systems. Some organizations source it directly from the vendor, while others use it through third parties. And when it comes to the threats caused to consumers by this vulnerability, it is worth noting that many home equipments are connected to the internet and run the Log4j 2 library. That means end consumers are also exposed to the threats of Log4Shell.

To be safe, consumers must disconnect all such devices and equipment from the internet and wait for the manufacturers to complete the patching process. We recommend you visit the website of the providers of your smart home devices to stay updated about progress on the patching. Most organizations and manufacturers have constantly been rolling out news and updates through their websites regarding the Log4Shell and how they’re tackling the vulnerability.

Plus, you must install software updates as soon as they’re available by the manufacturers or vendors of your connected devices. Also, be sure to research whether the Log4Shell has affected online services, solutions, and products you use and what actions those companies are taking to secure your personal data.

What Measures Did Apache Take to Contain the Damages?

On Dec. 6, 2021, Apache rolled out an update for CVE-2021-44228, version 2.15. Unfortunately, this update wasn’t enough to fix the entire security loophole. The company then issued a second patch, CVE-2021-45046, version 2.16. A third update, CVE-2021-45105, version 2.17, was released on December 17 to fix an associated flaw. To fix one more flaw, the company rolled out a fourth patch, CVE-2021-44832, version 2.17.1.

Apache may issue more patches; mitigation will continue, and more damage may happen. But the essence of the Log4Shell data breach wouldn’t change.

Log4Shell Vulnerability: Recommendations for Organizations

If your company or organization uses Log4j 2 in apps or systems, you must update them as soon as possible. This step is crucial even if you’re using third-party apps that run the logging system. Swift measures are the key since the vulnerability is super easy to exploit and affects all sorts of devices, apps, and infrastructures.

All organizations using any type of server affected by log4J are vulnerable. No matter the type of endpoint or protocol, the affected log4j version makes it easy for malicious actors to launch attacks.

A reliable, modern third-party risk management platform can help you identify the affected systems, besides allowing you to secure your organization against future risks. The nature of third-party risks is becoming more complex as businesses rely on third-party vendors to stay profitable and competitive. Vulnerabilities like the Log4Shell are here to stay, and the only way to secure your organization is to modernize your TPRM platform.

Next-generation VRM softwares like Vendor360 allow you to automate the third-party risk monitoring and identification process. They help you stay on top of the evolving risks and threat landscape. On top of that, Vendor360 allows you to manage vendor selection and onboarding, prioritize risks, and provide your supply chain members with a powerful application to respond.

CENTRL’s Vendor360 empowers your security team to get real-time insights into vulnerable systems and assets and monitor your entire extended enterprise’s supply chain security. It is super easy to deploy, can boost your efficiency by more than 50 percent, and improves risk oversight.

Want more reasons to choose Vendor360? Learn more about our powerful VRM platform! Or schedule a LIVE DEMO.

Similar resources

More resources