Elaine Jean Tech 12.10.2021 11:Dec AM EST

Cybersecurity Warning: Zero-Day Vulnerability in Apache Log4j Discovered in Minecraft, Other Apps

Zero-day exploit began for Apache Foundation's Log4j that was detected first in Minecraft.

Researchers have discovered a serious vulnerability in Java logging libraries that permits unauthenticated remote code execution and access to servers.

Apache's Log4j Vulnerability

Proof-of-concept exploits for a significant zero-day vulnerability in the widely used Apache Log4j Java-based logging library are now being distributed online, putting residential users and businesses at risk of remote code execution cyberattacks.

The Apache Foundation created Log4j is utilized by both enterprise programs and cloud services.

Unfortunately, the newly found zero-day vulnerability in Apache Log4j, a widely used Java logging library, is simple to exploit and allows hackers to take complete control of the affected systems which makes it a serious cybersecurity concern.

While most homeowners have moved away from Java, although the popular games like Minecraft still use it, RCE exploits targeting this vulnerability are likely to affect anything from enterprise software to web apps and services from Apple, Amazon, Twitter and Steam.

Log4j Zero-Day Exploitation

The vulnerability, called Log4Shell or LogJam and now listed as CVE-2021-44228, is an unauthenticated RCE vulnerability that allows complete system takeover on systems using Log4j 2.0-beta9 up to 2.14.1.

Furthermore, Alibaba Cloud's security team reported it to Apache on November 24.

According to Cyber Kendra, the CVE-2021-44228 affects the default configurations of a number of Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and others.

Malicious hackers are already looking for systems vulnerable to this remotely exploitable security issue that doesn't require authentication on the Internet.

CERT NZ (New Zealand's national Computer Emergency Response Team) has also released a cybersecurity warning of active exploitation which is also confirmed by Coalition Director Of Engineering - Security Tiago Henriques and security expert Kevin Beaumont.

Florian Roth, the Head of Research at Nextron Systems, has released a set of YARA rules for identifying CVE-2021-44228 attempts.

Apache Log4j Patch and mitigation available

Log4j 2.15.0 has been released by Apache to solve the CVE-2021-44228 RCE vulnerability of the highest severity.

In prior releases of the 2.10 and later, the problem can be avoided by changing the system property "log4j2.formatMsgNoLookups" to "true" or deleting the JndiLookup class from the classpath.

Furthermore, those who use the library should update to the most recent version as soon as possible since attackers are already looking for exploitable targets.

As reported by Bleeping Computer, The Randori Attack Team announced that they believe the growing number of vulnerable products will be identified in the weeks ahead, similar to earlier high-profile vulnerabilities such as Heartbleed and Shellshock.

The Team also added that these cybercriminals would instantly exploit this vulnerability due to its ease of exploitation and broad applicability.

The seriousness of attacks exploiting CVE-2021-44228 RCE was also highlighted by security firm Lunasec.

In addition, Lunasec added that anyone who uses Apache Struts is presumably exposed; identical vulnerabilities have been used in previous breaches, such as the 2017 Equifax data breach.

Log4j Vulnerability Recommendation

If users are under the assumption that they might be affected by CVE-2021-44228, Randori advises all businesses to assume a breach and look for strange behavior in logs for compromised applications.

If abnormalities are discovered, users should presume this is an active event and that they have been hacked, and respond appropriately.

This vulnerability can be fixed by upgrading to the patched versions of Log4j 2 or impacted programs. Any business that suspects they may be affected should update to a patched version as soon as possible, according to Randori.