For example, Steam, Twitter, Apache which is used on the back end of many websites and even Minecraft is affected by this new vulnerability that’s been found. What is written into the log4j library that points to a web address, it will try and download and run the content of that website found. Even hypervisors like VMware’s vSphere is compromisable, which is causing many headaches for IT Security firms in the run-up to Christmas.
There are good reasons for this, like pulling fonts and stylesheets when on a website. But when it’s available to be run automatically by default means this is a widespread issue for the applications previously mentioned.
JNDI is a Java interface which allows you to fetch from a server and download locally. It can essentially mean that anyone can load anything into your server without raising an alarm.
It is exploited by people sending one of these requests with this log4j vulnerability and directing such traffic to dodgy websites. For example, its been found some attacks of trying to run cryptocurrency. They can export passwords, install malware, or even explore your files and folder structures.
The worst case scenario? Your system is compromisable. Anything accessible from the web, could be manipulated and then move through theyour business, such as setting up ransomware.
The fix, is keeping your system up to date. You can also disable this feature on your servers so get in touch with those who supply such systems and services. Version 2.15 of log4j, fixes this vulnerability. Two factor authentication and VPN can help, but none will be 100% secure. You’ll need a combination of these, especially the update to fix log4j.
Thus, the log4j is a versatile and disruptive vulnerability. Get in touch today to have Greenlight Cyber assist you through these troubling times.