How to detect Log4j vulnerabilities in your applications

How to detect Log4j vulnerabilities in your applications


What do we know about Log4j?

Log4J is a Java library for logging error messages in applications. It’s newly identified critical flaw is portrayed as CVE-2021-44228. This lets any remote cybercriminal take control of another device on the internet if it’s running Log4J versions 2.0 to 2.14.1. 

The issue is a bug in the Log4j library that can permit a cybercriminal to execute subjective code on a framework that is utilising Log4j to work out log messages. This security weakness has a wide effect and is something that anybody with an application containing Log4j needs to promptly focus on.

The Challenge

Log4j is utilised by numerous Java applications. The test here is finding Log4j on account of the way Java bundling works. It’s conceivable you have Log4j concealing some place in your application and don’t have any acquaintance with it.

In the Java environment, conditions are conveyed as Java document (JAR) records, which are bundles that can be utilised as a Java library. Ordinarily utilised instruments, like Maven and Gradle, can naturally add JAR documents as you construct your Java application. It’s additionally workable for a JAR to contain one more JAR to fulfil a reliance, which implies a weakness can be covered up a few levels down in your application. In certain circumstances, one reliance pulls in many different conditions making it much harder to track down.

Identifying and Protecting

There are many ways to identify and protect yourself and your company some of which are highlighted below:

  • Microsoft has released its guidance for preventing attacks on Log4j vulnerability. Examples of the post-exploitation of the flaw that Microsoft has seen include installing coin miners, Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems. 
  • Identify devices running Log4j and upgrade them to version 2.15.0, also setting up alerts for probes or attacks on devices running Log4j.  
  • Installing a web application firewall such as Azure and McAfee.
  • Open-source tools such as Anchore can scan to identify Log4js existence and report of where there are any vulnerabilities

How to keep your company safe

It is not a simple fix to combat all vulnerable devices, companies need to patch their software to include the new version of Log4j version 2.15.0. Ensure you company’s security prevention is up to date and all updates’ prompts are completed. Finally cyber-attack prevention training within your workplace is a must, if team members know what to look out for and when not to click ‘open’ then that is the biggest hurdle completed.

Date: January 10, 2022

Author: Morris

Inspired to improve your IT? Get in Touch!

Contact Us

Check out our social media: