The Log4j Vulnerability: What Happened and What’s the Impact

In December 2021, a major vulnerability was revealed in a widely used open-source logging tool. The vulnerability became known as Log4j and was referred to by many IT professionals as one of the most serious cyber security breaches they’d ever seen.

February 09, 2022

Hackers set up machines that delivered malicious payloads and scanned the internet to find vulnerable servers. To carry out an attack, they’d query services such as web servers, and try to trigger a log message like a 404 error. The query included maliciously crafted text, which Log4j processed as instructions. These instructions created a reverse shell, which allowed the attacking server to remotely control the targeted server, or in some cases made the targeted server part of a botnet. Botnets use multiple hijacked computers to carry out coordinated actions on behalf of hackers.

Many hackers were trying to abuse Log4Shell, ranging from ransomware gangs locking down Minecraft servers, hacker groups trying to mine bitcoin, to hackers associated with China and North Korea trying to gain access to their geopolitical rivals’ sensitive information. The Belgian Ministry of Defence reported that its computers were attacked using Log4Shell.

Although the vulnerability first came to widespread attention 10 December 2021, people are still identifying new ways to cause harm through this mechanism. Further versions of this vulnerability have been seen recently with both CVE-2021-45105, and CVE-2021-44832. Each of these vulnerabilities received a CVSS score of 7.5 and 6.6 respectively. Moving forward, it is critical to continue to monitor and scan for Log4j vulnerabilities, including monitoring your technology vendors advisory notices on this.