Search
Close this search box.

Complete remote hacking possible: The nightmare security flaw that has the internet scrambling

Share:

It’s about as bad as it gets.

A critical, zero-day vulnerability in a ubiquitous piece of software used the world over.

Straightforward to exploit, it allows for full control of a compromised server over the internet.

Hackers are already using the flaw to break into organisations around the globe. It’s being called ‘Log4Shell’.

The 10/10 severity vulnerability lives within a hugely popular Java logging library known as log4j, used by many platforms across the internet, including the likes of Apple, Amazon, Google – and Minecraft, where the bug was first discovered.

It’s so concerning because it allows for a thing called remote code execution – one of the most dangerous types of vulnerabilities because a hacker can take complete control of someone else’s machine over the internet.

That’s compounded by the fact that log4j is so widely used; by enterprises like Telstra, as well as the world’s largest cloud and online platform providers.

Add to the mix someone publishing a proof-of-concept to exploit the flaw, and hackers actively scanning the internet to identify vulnerable servers, and we’ve got a big problem on our hands.

“Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe,” security firm LunaSec wrote.

“Millions of applications use log4j for logging, the act of keeping a log of any event or action that happens on a server. And all the attacker needs to do is get the app to log a special string,” security researcher Marcus Hutchins said on Twitter.

“The internet’s on fire right now,” Adam Meyers, senior vice president of intelligence at Crowdstrike, said.

Log4shell

“People are scrambling to patch and there are all kinds of people scrambling to exploit it. In the last 12 hours it has been fully weaponised.”

Hackers were able to compromise Minecraft’s servers simply by pasting a short message into a chat box, according to Hutchins.

Anyone using versions 2.0 to 2.14.1 of log4j is affected. It also impacts default configurations of Apache frameworks like Apache Struts2, Apache Solr, Apache Druid, and Apache Flink, among others.

We’ve seen the type of damage that can be wrought through flaws in open source software like Apache before: the devastating 2017 breach of credit bureau Equifax – which saw the personal data of 148 million Americans and 15 million Brits compromised – was perpetrated through a flaw in Apache Struts.

Apache has released an update to close the vulnerability.

Authorities are urging users to install the patch or update to the latest version of log4j wherever it is used immediately.

For those that can’t, a mitigation is available for versions 2.10 and above : setting the system property “log4j2.formatMsgNoLookups” to “true” or removing the JndiLookup class from the classpath.

Security firm Cybereason has also released a ‘vaccine’ package called Logout4Shell that exploits the flaw in order to change a setting and fix the vulnerable server.

But evidence that hackers are already compromising vulnerable targets means there’s little time to waste.

“Due to the ease of exploitation and the breadth of applicability, we suspect ransomware actors to begin leveraging this vulnerability immediately,” security firm Randori said.

“Randori encourages all organisations to adopt an assumed breach mentality and review logs for impacted applications for unusual activity.”

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

Contact

Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.
Company

Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →

Services

Services

Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl
360

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution

Solutions
Resources

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →