What’s the Big Deal About Log4j & Why Should You Care?
Australia is currently facing another global bug - but this time it’s digital. The Apache Log4j mishap has been described as “the biggest cyber breach in history” and businesses and governments are being told to prepare.
But what is Log4j and how vulnerable is your business? As The IT Department is working to review our customers’ exposure and doing what we can to keep them protected, we thought it was about time we broke down the meaning of this cyber security breach, so you can understand exactly what it is and whether you should be as worried as the rest of the country seems to be.
What is the Log4j vulnerability?
Provided by the Apache Software Foundation, Log4j is an open-source logging library written in Java, which developers build into applications and services on the web to record what those applications are doing. In December 2021, a vulnerability was spotted that opens up the gates for attackers to break in and steal information, as well as infect systems with malware.
The vulnerability has been nicknamed ‘Log4Shell’.
Who’s at risk?
Since millions of computers around the world use Log4j, there’s potential for a huge amount of fallout from this vulnerability. When the bug first came to light, Check Point uncovered more than 60 new variations of the exploit being developed in less than 24 hours.
Log4j is likely to be used on most of the online services you use daily, and individuals should make sure they update their devices regularly at this time to protect themselves. As for businesses, many of your web servers, web applications, devices and other software and hardware could be using Log4j.
Right now, it’s best to take steps to identify where Log4j is being used in your organisation, and install the latest updates wherever possible to patch vulnerabilities.
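One way to start that inventory on a server, as an added example that is not part of the original article: this Python script walks a folder, opens every Java archive (including archives packed inside other archives) and reports the ones that contain the JndiLookup class of Log4j 2's core library. The MAX_DEPTH limit and the sample file names in demo() are assumptions made for the example.

```python
import io
import os
import tempfile
import zipfile

# Class behind the lookup feature that Log4Shell abuses; it ships inside log4j-core 2.x.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 4  # assumed limit on archive-in-archive nesting

def scan_archive(fileobj, label, depth=0):
    """Return labels of this archive and any nested archives that carry JndiLookup.class."""
    hits = []
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                if name.endswith(JNDI_CLASS):
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_EXTS) and depth < MAX_DEPTH:
                    inner = io.BytesIO(zf.read(name))
                    hits += scan_archive(inner, f"{label}!{name}", depth + 1)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        hits.append(f"{label} (unreadable, check by hand)")
    return hits

def scan_tree(root):
    """Walk a directory and scan every Java archive found under it."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            if fn.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fn)
                hits += scan_archive(path, os.path.relpath(path, root))
    return hits

def demo():
    """Scan a constructed sample: a web app bundling log4j-core, plus an unrelated JAR."""
    with tempfile.TemporaryDirectory() as root:
        core = io.BytesIO()
        with zipfile.ZipFile(core, "w") as z:
            z.writestr(JNDI_CLASS, b"constructed placeholder, not a real class")
        with zipfile.ZipFile(os.path.join(root, "shop.war"), "w") as z:
            z.writestr("WEB-INF/lib/log4j-core-2.x.jar", core.getvalue())
        with zipfile.ZipFile(os.path.join(root, "tools.jar"), "w") as z:
            z.writestr("com/example/Main.class", b"constructed placeholder")
        return scan_tree(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

A hit only shows where Log4j 2 is present, since patched releases still contain this class, so each result still needs its version checked and updated. Log4j 1.x does not include the class and will not be reported.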
How does Log4Shell work?
Without getting too technical, Log4Shell works by manipulating a feature of Apache Log4j. This feature lets special expressions inside a log message be replaced with looked-up values when the message is formatted, and to do that it can make the application using Log4j contact a separate server, for example one that contains the real names of users.
This feature also lets third-party servers submit code that generates certain actions on a targeted computer. That’s where the danger comes in. Attackers can take control of the system, send malicious content to users and steal sensitive information.
And it seems that cybercriminals don’t need to have much experience under their belt to exploit Log4j. The bar is low and it only takes a couple of minutes to do some damage.
Should you be worried?
It all comes down to what this cyber pandemic means for your business. Is it even a threat at all?
Since Log4j is embedded in pretty much every Java product or service out there (including Twitter, Amazon and Microsoft), its potential to spread is almost unlimited. Check out the infographic by Check Point to get an idea of how risky this thing is.
While we all wore masks to stop the spread of COVID, there’s no one fixed approach to slowing down the cyber pandemic. That’s because of Log4j’s diverse uses. However, the first step is to recognise how your business and individual computers are being exposed, so you can eradicate the vulnerability.