What is the Log4J Vulnerability - Synchroworks Consulting

Cyber criminals are thriving due to a recent Log4J vulnerability exposure that came to light in early December 2021.

This has left researchers scrambling to patch up systems and now, weeks later, everyone is asking: Is this ever going away?

Since early December 2021, cyber attackers have been wreaking havoc by exploiting a security vulnerability in Log4j. In simple terms, it’s a section of a popular software package. Big tech experts such as Microsoft are warning users that the impacts of Log4j may be more concerning and widespread than first thought. If you don’t have a new year resolution that you’re working on in 2022, a good one to adopt would be improving your data protection habits. It’s relevant now more than ever. And here’s why.

What is Log4j (also known as Log4Shell)?

Log4j is a piece of software that is part of the popular Java logging package. It is used to record activities in many consumer-facing products and services such as cloud platforms, web applications and e-mail services. We all use cloud storage (often for personal, important files), web applications (Microsoft Teams is one widely used example), and e-mail (such as Outlook or Gmail). This affects us all and we all must take increased caution to stay safe online.

Right now, experts are seeing that the main attempts by cyber criminals have been low-level crypto-mining or the use of botnets to draw users in to leak sensitive information. There is speculation that cyber criminals are waiting to carry out more Log4j intrusions when companies have their guards down. Whether you are a business or a casual browser, staying educated on the topic and how it’s evolving worldwide is important. Remember that cyber criminals do not abide by international borders. The entire internet is their playing field.

Why is the Log4j vulnerability concerning?

The vulnerability continues to evolve every day and is a part of many interconnected structural issues. What makes the vulnerability so concerning is that it is one of the major components for many open-source services that are used by an innumerable variety of companies online. This makes the need for being cyber safe is extremely important as we move into 2022.

Cyber attackers are taking advantage of the vulnerability and are attempting to gain access to servers through unauthenticated remote code execution. When cyber criminals arrive here, they can install malware that can steal your personal information (usernames, passwords, banking information etc.). Hundreds of millions of devices are thought to have been affected.

What’s being done to correct the Log4j vulnerability?

Tech security experts believe that the fallout from the vulnerability will continue to put all users at risk well into 2022. It can’t just be ignored or forgotten. Without patches and fixes being applied, cyber criminals will continue to expose more and more users online. Security professionals believe that entire servers may be hijacked due to this vulnerability. Not only are regular users at risk, but also large corporations. In short, this has become one huge mess for everyone.

What Can I Do Until Experts Patch up Log4j?

Botnets are attempting to patch up the vulnerability, but what can you do to protect your information? Keep on top of updates as they become available for every single device and software that you own, including your routers and wireless access points. Since early December, Microsoft has provided several updates to its Defender software. In early January, it also added vulnerability dashboards for Windows 10 and 11, Windows Server, and Linux systems to help users fix, find, and restore files.

Tech experts continue to address the root issue of the vulnerability. In the meantime, stay on top of your software and hardware updates.

More information and updates on Log4j can be found here:

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

FTC warns companies to remediate Log4j security vulnerability