Posted on December 11, 2021 at 6:49 PM
Hackers are seeking to exploit the Log4Shell flaw, endangering millions of servers
The internet exploded recently with the news of a new critical vulnerability, named Log4Shell, found in a commonly used logging tool. The flaw is found in a piece of software commonly used in the popular game Minecraft.
The tool was discovered to contain a flaw whose exploitation could potentially endanger millions of servers all over the world. However, the greatest threat comes from the fact that this tool is also used by countless organizations.
Adam Meyers, the Vice-President of intelligence at a well-known cybersecurity company, CrowdStrike, said that the internet was on fire following the announcement of the flaw and that people around the world are scrambling to patch it. At the same time, however, many others are in a rush to exploit it and potentially endanger all those who were too slow to react to the flaw being unveiled.
Meyers warned on Friday that the bug was fully weaponized less than 12 hours after its discovery was made public, and that malicious actors have already built tools to exploit the flaw. This is not surprising, given that the flaw seems to be the worst computer-related vulnerability to be discovered in years.
What is Log4Shell and why is it so bad?
Log4Shell was discovered in an open-source logging tool that is used in enterprise software, cloud servers, and similar use cases. The most essential detail, however, is that it is not limited to a single industry — it is used by numerous industries, and even governments themselves.
If anyone were to find an active instance of the tool that wasn’t patched, they would be able to access internal networks, loot data, plant malware, erase sensitive information, and more. As such, an unpatched instance is a perfect target for online criminals, spies, and hackers who wish to gather intelligence or cause damage.
Cloudflare’s chief security officer, Joe Sullivan, also commented on the discovery of the flaw, stressing that it would be difficult to name a company that is not at least partially at risk. Apparently, the tool is used by millions of servers and the fallout will likely be unknown for days to come. The vulnerability is already considered to be the biggest and most critical flaw of the past decade, according to Tenable’s CEO, Amit Yoran.
The Apache Software Foundation echoed this statement by rating the flaw a 10 on a scale of 1 to 10. The flaw is considered so bad because it doesn’t even require a password before one can gain full access to an unpatched device running the tool.
According to a report by the New Zealand computer emergency response team, the flaw is already being actively exploited in the wild, which the team discovered mere hours after the report revealing the vulnerability was published. Fortunately, a patch had already been created, and it was released alongside the report. The problem, however, is that the tool will likely not be patched automatically, which means that anyone who uses this software needs to be aware of the flaw and how to fix it.
The flaw itself was discovered by Alibaba, a Chinese tech giant, which reported it to Apache on November 24th of this year. The software firm then took around two weeks to make a patch, releasing it as soon as it was convinced that it would do the job properly. However, implementing it in all the places where it needs to be used will be a lot more difficult.
Of course, larger organizations and corporations will have no issue with finding and implementing the patch, but that will not be the case with everyone who needs this fix. Tenable’s CEO, Amit Yoran, said that it would be best if everyone assumed that they have been compromised and that they should act quickly to protect their networks.
The tool’s usage in Minecraft was mentioned specifically because the first obvious signs of the flaw’s exploitation appeared in this very game.