Tech tips: Cyber pandemic - Log4Shell

Inyova’s short monthly newsletter about security recommendations, news, and interesting facts.

This is an internal newsletter sent to the Inyova team each month. We hope you enjoy it as much as we do!

Today’s topic: Cyber pandemic log4Shell

Sweet servers intro

Servers have a great memory and computing power, they provide data and services to other computers (aka clients) in their network. And of course, they reject offering their data and services to unauthorized entities.

All the activity that happens on servers is being tracked – logged. Thanks to that professionals can spot any interactions, behaviour, issues, cyber-security attacks, and more. For logging, they often use a well-known, widespread library – Log4j.

What happened?

On December 10, 2021, NVD published a 0-day vulnerability in java-based library Log4j. The vulnerability got the name Log4Shell.

News and blogs call the event a cyber-pandemic as Log4j is widely spread and the vulnerability is easy to exploit. The criticality was set to 10/10.

How Log4Shell works

Long story short, an attacker can pass a request to a server, the server logs the request, and the vulnerability allows it to run the malicious code.

Once that happens, the attacker opens a door to the server and can continue with any further attacks. All this is done remotely, without any authentication or authorization.

So to recap, anyone that is using this affected version of Log4j can have a server with all stored data under attack and stolen? — Yes. And the list of affected companies is pretty long.

What should I do?

As users, we cannot easily find out which concrete platform or app is using the affected version of Log4j. But, all players affected by Log4Shell immediately started releasing patches (fixes and workarounds).

Today, 1 month after the attack, we can assume that most of the big internet players have already released a stable and secure version of their product. Hence, the best shot is to update all your software.

What should companies do?

Inyova has verified that our setup is not affected by the Log4j vulnerability. The same approach should be taken by all other companies to minimise the impact of any future attacks.

That’s it! Keep your mechanics safe and thanks for reading.

Sources: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

https://hackernoon.com/the-critical-log4j-java-vulnerability-how-to-detect-and-mitigate-it

https://engineerworkshop.com/blog/log4j-determine-server-affected-log4shell-vulnerability/

Haftungsausschluss: Die Wertentwicklung von Finanzmärkten und -instrumenten in der Vergangenheit ist niemals ein Indikator für die Wertentwicklung in der Zukunft. Die Aussagen oder Informationen in diesem Dokument stellen keine Empfehlung, kein Angebot, keine Aufforderung zum Kauf oder Verkauf von Wertpapieren oder Finanzinstrumenten dar. Die Inyova AG übernimmt keinerlei Gewähr hinsichtlich der Zuverlässigkeit und Vollständigkeit der Informationen dieses Artikels. Haftungsansprüche gegen die Inyova AG wegen Schäden, welche aus der Nutzung der in diesem Dokument veröffentlichten Informationen entstanden sind, werden ausgeschlossen. Darüber hinaus spiegeln die in diesem Dokument enthaltenen Aussagen eine Einschätzung zum Zeitpunkt der Veröffentlichung wider und können sich ändern. Verweise und Links auf Webseiten Dritter liegen ausserhalb des Verantwortungsbereichs der Inyova AG. Jegliche Verantwortung für solche Webseiten wird abgelehnt.

Tech tips: Cyber pandemic – Log4Shell

Sweet servers intro

What happened?

How Log4Shell works

What should I do?

What should companies do?

Tech tips: Credential stuffing attack

Tech tips: Massive ransomware increase