The Log4j flaw still exposes thousands of devices to cyberattacks

May 6, 2022

Several months after security analysts found the critical zero-day flaw in the Java logging library Apache Log4j, they disclosed that many servers and applications are still exposed to cyberattacks through the flaw because the proper security patches have not been applied.

The vulnerability, tracked as CVE-2021-44228, was first detailed last December. It allows attackers to achieve remote code execution on, and gain access to, machines that utilise Apache Log4j.

Security experts explained that the logging library’s flaw is easy to abuse, given how widely Log4j is used in Java applications, software tools, and services. Some experts even describe it as one of the most critical flaws ever discovered.

Since the vulnerability was found, numerous security analysts worldwide have published warnings and patches for users who utilise Log4j. Yet, many are still exposed to cyberattacks since they have not applied the security patches provided by the experts.


More than 90,000 internet-facing apps and over 68,000 servers are vulnerable to the Log4j flaw.


Researchers believe the collected data represents only a fraction of the systems actually exposed to the security flaw. Since the flaw was first detected, many threat actors have attempted to launch ransomware attacks against vulnerable systems.

Notorious state-sponsored threat groups also took advantage of the critical flaw, including the China-based espionage groups Hafnium and APT41, and APT35 and Tunnel Vision from Iran.

According to some analyses, the Log4j flaw has persisted in the threat landscape because the library is deeply embedded in applications; it is often hard to tell whether the Apache logging library is part of an application at all.

Security experts recommend patching the Log4j critical flaw wherever it is found in users’ applications or servers. Servers should also be inspected regularly to identify security flaws and apply appropriate patches and updates before threat operators find a channel or opportunity to launch their attacks.
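The inspection step above is harder than it sounds precisely because Log4j is usually bundled inside other archives (a WAR inside an EAR, a JAR inside a WAR) rather than installed on its own. The following Python script is an added example, written for this article and not code from the original page or from the Log4j project: it walks a directory tree, opens every Java archive, descends into nested archives, and reports any copy of log4j-core it finds along with the version from the jar's Maven `pom.properties`. It treats versions below 2.15.0 (the first release that disabled the JNDI message lookup behind CVE-2021-44228) as affected; later advisories recommend 2.17.1 or newer, so the threshold is a single constant you can raise. The sample tree it builds is constructed purely for the demonstration.

```python
"""
Inventory scanner: find log4j-core copies embedded in Java archives and flag
builds older than the CVE-2021-44228 fix. Added example, not the page's code.

Assumptions (labelled): log4j-core jars carry the standard Maven
META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties with a
"version=" line; the fix floor used here is 2.15.0.
"""
import io
import os
import re
import tempfile
import zipfile
from typing import Iterator, List, Optional, Tuple

POM_PATH = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
FIXED_VERSION = (2, 15, 0)  # first release addressing CVE-2021-44228


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.14.1' into (2, 14, 1); qualifiers such as '-rc1' are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])


def _walk_archive(zf: zipfile.ZipFile, path: str) -> Iterator[Tuple[str, dict]]:
    """Yield (nested_path, finding) for this archive and every archive inside it."""
    names = set(zf.namelist())
    finding = {"version": None, "jndi_lookup_present": JNDI_CLASS in names}
    if POM_PATH in names:
        props = zf.read(POM_PATH).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.M)
        if m:
            finding["version"] = m.group(1).strip()
    if finding["version"] or finding["jndi_lookup_present"]:
        yield path, finding
    for name in names:
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue  # a resource that merely has an archive extension
            yield from _walk_archive(inner, f"{path}!/{name}")


def scan_tree(root: str) -> List[dict]:
    """Scan every archive under root; 'vulnerable' is None when the version is unknown."""
    results = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not fn.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            full = os.path.join(dirpath, fn)
            try:
                zf = zipfile.ZipFile(full)
            except zipfile.BadZipFile:
                continue
            for nested_path, finding in _walk_archive(zf, full):
                version: Optional[str] = finding["version"]
                vulnerable: Optional[bool] = None
                if version is not None:
                    # An old build whose JndiLookup class was stripped out (a common
                    # interim mitigation) is reported as not vulnerable to this CVE.
                    vulnerable = (parse_version(version) < FIXED_VERSION
                                  and finding["jndi_lookup_present"])
                results.append({"path": nested_path, "version": version,
                                "jndi_lookup_present": finding["jndi_lookup_present"],
                                "vulnerable": vulnerable})
    return results


def build_sample(root: Optional[str] = None) -> str:
    """Construct a small demo tree (not real application data) and return its path."""
    root = root or tempfile.mkdtemp(prefix="log4j-scan-")

    def make_log4j_jar(version: str) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as jar:
            jar.writestr(POM_PATH, f"version={version}\nartifactId=log4j-core\n")
            jar.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
        return buf.getvalue()

    # A web application that bundles an old log4j-core two levels deep.
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_log4j_jar("2.14.1"))
    # A patched standalone copy sitting next to it.
    with open(os.path.join(root, "log4j-core-2.17.1.jar"), "wb") as f:
        f.write(make_log4j_jar("2.17.1"))
    return root


if __name__ == "__main__":
    for r in scan_tree(build_sample()):
        print(f"{r['path']}: version={r['version']} vulnerable={r['vulnerable']}")
```

A result with `version=None` but `jndi_lookup_present=True` usually means a shaded or relocated copy of Log4j whose Maven metadata was dropped during packaging; those need a manual look rather than being silently treated as clean.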
