Page 115 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
Analysing the true threat of Log4j
By Tom McVey, Sales Engineer EMEA, Menlo Security
In December 2021 the cybersecurity industry could be found reflecting on another difficult year, defined
by further spikes in both the sophistication and volume of threats used by attackers.
Following on from a similar pattern in 2020, attackers continued to capitalise on growing digital footprints
and new vulnerabilities – a trend that has only continued to accelerate since the pandemic first induced
a rapid increase in digitalisation efforts.
Amidst such reflections, Log4Shell emerged as one of the most threatening vulnerabilities facing
companies to date.
Log4Shell is a weak point that was discovered in the Log4j Java logging library (CVE-2021-44228). Log4j is a
widespread piece of software typically used to record events such as errors and routine system
operations. The 404 error message that is received when clicking on a bad link is one such example of
Log4j in action, both telling the user that the webpage doesn’t exist and recording the event in a log.
Log4Shell works by abusing a specific feature in Log4j that allows users to specify custom code for
formatting a log message. The challenge lies in the fact that this code can be used for more than just
formatting log messages. Indeed, Log4j allows third-party servers to submit software code that can
perform all kinds of actions on the targeted computer, opening the door to a range of nefarious activities.
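The lookup abused in CVE-2021-44228 is implemented by log4j-core's `JndiLookup` class (a detail from the library, not from the article). As an added example, not code from the article or its author, this Python scanner finds every copy of log4j-core inside an archive, including copies nested in WAR or fat-JAR files, and reports its version and whether that class is still present; `make_jar` is a hypothetical helper that builds constructed sample archives.

```python
import io
import re
import zipfile

# Class behind the lookup abused in CVE-2021-44228 (path as shipped in log4j-core).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED = (".jar", ".war", ".ear")


def core_version(zf):
    """Return log4j-core's version from its Maven metadata, or None."""
    try:
        text = zf.read(POM_PROPS).decode("utf-8", "replace")
    except KeyError:
        return None
    m = re.search(r"^version=(.+)$", text, re.MULTILINE)
    return m.group(1).strip() if m else None


def scan_archive(data, path="<archive>", depth=0, max_depth=5):
    """Return [(path, version, has_jndi_lookup)] for each log4j-core found.
    Recurses into nested archives, where a search by file name misses it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    with zf:
        names = set(zf.namelist())
        version = core_version(zf)
        if version is not None or JNDI_CLASS in names:
            findings.append((path, version, JNDI_CLASS in names))
        if depth < max_depth:  # bound recursion on hostile archives
            for name in sorted(n for n in names if n.lower().endswith(NESTED)):
                inner = f"{path}!/{name}"
                findings += scan_archive(zf.read(name), inner, depth + 1, max_depth)
    return findings


def make_jar(files):
    """Build an in-memory archive from {name: content} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

Compare each reported version against the vendor advisory for CVE-2021-44228; a copy with the class removed but an old version number indicates a manual mitigation rather than an upgrade.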