A huge number of cyber attacks take advantage of a dangerous flaw called Log4Shell in the Log4j software. We will see how this form of attack works and whether it can affect us.
What Is Log4j?
The Log4j error, also called the Log4Shell vulnerability and known by the number CVE-2021-44228, is a weakness mainly in Apache server. The bug is in the Log4j open source library, a collection of predefined commands that developers use to speed up their work and avoid repeating complex code.
Libraries are the foundation of many, if not most, programs, as they save us a lot of time. Instead of having to write the same code over and over again for some tasks, you just write a few commands that tell the program to get something from a library. Think of them as shortcuts that you can put in your code.
However, if something goes wrong in a library, as it has in Log4j, all programs that use this library are affected. This would be serious on its own, but Apache runs on a great many servers.
How the Log4j defect works
The flaw is triggered by a single text string (a line of code) that makes the library load data from another computer on the Internet.
A hacker can feed the Log4j library a line of code that tells the server to retrieve data from another server that belongs to the hacker. This data could be anything, from a script that collects data on devices connected to the server, such as browser fingerprints, to, even worse, code that takes control of that server.
Impact of Log4j
The impact of this defect is huge, as one-third of servers worldwide are affected, including those of large corporations such as Microsoft as well as Apple's iCloud and its 850 million users. The servers of the Steam gaming platform are also affected. Even Amazon has servers running Apache.
It's not just the big companies that could be hurt. There are many smaller companies running Apache. The damage a hacker could do to a system may be small enough for a multi-billion dollar company to absorb, but to a small company it could be fatal.
All one can do now is install patches that fix the defect. However, experts already say that it will take years to completely repair all the affected systems. Cybersecurity professionals should find out which systems have been affected by this defect, but checks should also be made to see if the system has been compromised and if so, what the hackers did in those files.
Even after updating, there is a possibility that hackers have left behind something that still does its job. This means that the servers need to be cleaned and reinstalled. That is a lot of work, and it cannot be done in one day.
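One way to start finding affected systems, shown as an added example that is not part of the original article: the Python below looks inside Java archives, including archives packed inside other archives, for `JndiLookup.class`, the Log4j class that performs the remote loading described earlier. That class name is a fact about Log4j not stated in the article; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import Path

# Real class in log4j-core that performs the remote lookup (name is not on the page).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def scan_archive(data, label, depth=4):
    """Return labels of this archive and any nested archives that bundle JndiLookup."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # corrupt or not really a zip: skip it so the scan can continue
    with zf:
        for name in zf.namelist():
            if name.endswith(JNDI_CLASS) and label not in hits:
                hits.append(label)
            elif name.lower().endswith(ARCHIVES) and depth > 0:
                # Fat jars and WAR files carry libraries as archives inside archives.
                hits += scan_archive(zf.read(name), f"{label}!/{name}", depth - 1)
    return hits

def scan_tree(root):
    """Walk a directory and scan every Java archive found under it."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            hits += scan_archive(path.read_bytes(), str(path))
    return hits

def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Scan a constructed web app whose WEB-INF/lib holds a log4j-core jar."""
    core = make_zip({JNDI_CLASS: b"stub"})
    clean = make_zip({"com/example/Util.class": b"stub"})
    app = make_zip({"WEB-INF/lib/log4j-core.jar": core, "WEB-INF/lib/util.jar": clean})
    return scan_archive(app, "shop.war")

if __name__ == "__main__":
    print(demo())
```

A hit shows that the archive bundles the class and needs checking against the patch guidance; it does not by itself show whether that copy is already patched.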
How does Log4j affect you?
All of the above may sound like something that can only affect companies and not individuals. However, there is a risk to everyone, even if they are not running an Apache server.
As we mentioned, the hacker can steal data from certain servers. If a company does not secure the data properly (leaving it without encryption), there will be problems.
This data could be anything from usernames and passwords to your Internet address and activity. Your credit card information is usually encrypted.
Although it is too early to say what will happen now, it seems that very few people will be able to avoid the effects of Log4j.