You may have heard it about it in the news. You may not. But security teams at companies large and small are scrambling to patch a previously unknown vulnerability called Log4Shell, which has the potential to let hackers compromise millions of devices across the internet.
Not without reason, Log4Shell is being described as the most critical vulnerability of the last decade. One industry insider described it as the internet being on fire. Within 12 hours of the bug being discovered it had been weaponised by cyber miscreants and tools developed and distributed to exploit it.
How does Log4Shell work?
- The vulnerability is located in open-source Apache Java software used to run websites and other web services.
- Log4Shell grants easy access to internal networks, making them susceptible to data theft and loss and malware attacks. If exploited, the vulnerability allows remote code execution on vulnerable servers.
- The extreme ease with which the vulnerability lets an attacker access a web server with no password required is what makes it so dangerous.
- Discovered last week, cyber attackers have already been detected making over a hundred hacking attempts each minute by the remote scanning systems to identify vulnerable systems.
- There are already active examples of attackers attempting to leverage Log4Shell vulnerabilities to install cryptocurrency-mining malware. There are also reports of several botnets that are making attempts to exploit the vulnerability.
- Potentially millions of applications could be affected.
The vulnerability makes it possible for an attacker to easily inject code into log messages. The targeted server will then execute the code. For instance, this could be a message to download malicious malware.
Logging is a process where applications keep a running list of activities they have performed which can later be reviewed in case of error.
Since applications routinely log a wide range of events, such as messages sent and received by users, or the details of system errors, the vulnerability is unusually easy to exploit and can be triggered in a variety of ways.
Why are web servers vulnerable?
Apache server is the most common web server available in the market. Apache is an open source software that handles almost 70 percent of all websites available today. Most of the web-based applications use Apache as their default Web Server environment.
Update released patching required
An update has already been released to mitigate against the vulnerability, but given the time taken to ensure that all vulnerable machines are updated, Log4Shell remains a pressing threat.
While most organizations and cloud providers such as Amazon Web Services should be able to update their web servers easily, the same Apache software is also often embedded in third-party programs, which can only be updated by their owners.
Will this affect me?
The early evidence suggest that hackers are using the vulnerability to take over computers so they can remotely use each computer’s processing power to mine for cryptocurrency. In these cases users whose computers have been exploited would only notice their computer slowing down.
However, there is real concern that serious threat actors will try to exploit the flaw in order to attack a wide range of high-value targets such as banks, state security and critical infrastructure.
What should I do?
Large organisations with extensive IT operations will be aware of the threat and as you are reading this will have patched their systems to safeguard against the vulnerability.
However the main threat comes from smaller organisations who may not be aware that they are running applications that could be exploited. This means that attackers could plant malicious software or hijack credit card details on compromised servers.
However, you can take protective measures, which are simple good cyber security hygiene steps.
- First, you need to be running top antimalware protection that will detect, and block attacks should a server you use be infected. It will keep your home devices safe.
- There is little that you can do if a server that holds your personal data is attacked other than hope that your data is solidly encrypted. However, that said, keeping a close eye on your bank and payment card accounts will enable you to spot suspicious payments or withdrawals.
- Use identity protection to keep your account details safe. It scans underground websites and forums were stolen data is traded. If your details are discovered you receive an immediate alert allowing you to take protective steps.
- Also keep an eye on your email and any suspicious messages. If your email has been compromised cyber villains might pose as you in order to carry out fraud.