Log4Shell vulnerability: What you need to know about the cyber attack | Life & Knowledge

by time news

A security gap is causing IT managers around the world to panic. Experts refer to Log4Shell as a high-profile server vulnerability that attackers can use to execute system code of their choice. BILD says what experts advise and what private users need to know.

“The Internet is on fire!” This is the conclusion reached by Adam Meyer from the cyber security company CrowdStrike. While security experts are trying to close the loophole, “all sorts of people are just about to take advantage of it.”

That not only sounds dramatic; according to the experts, it is.

The vulnerability primarily affects large servers on which millions of data records are stored. It opens gaps through which third parties can gain access to the stored information. Among the potentially threatened companies are giants such as Microsoft, Amazon and Apple.

Large data stores (cloud storage) in particular are affected by the security risk.


What is Log4Shell?

The name Log4Shell refers to Log4j (Logging for Java), a well-known Java code library. Through the flaw, attackers manage to get a shell in the software, which enables them to execute their own system code. The gap thus poses a problem for thousands of servers worldwide, because almost all of them run on comparable software solutions.

“The key point in the Log4Shell attack is that the server automatically executes code. Whatever an attacker wants to do to a server with the vulnerability, he can do it. It is therefore extremely important to patch as quickly as possible, because a lot of people out there who have nothing good in mind are already trying to test which servers are still vulnerable,” warns Paul Ducklin, IT security expert at Sophos.

Evgeny Lopatin, security expert at Kaspersky, sees the danger of the loophole in its simplicity: “This vulnerability is not only particularly dangerous because attackers can gain complete control over the system, but because it is particularly easy to exploit – even an inexperienced hacker can benefit from it.”

The vulnerability was identified before the first attacks were carried out. That’s good, but there is a problem: it was published online as a so-called zero-day vulnerability. In other words, it was publicly documented before a patch (solution) was available.

The Federal Office for Information Security (BSI) also reacted and increased the warning level to red:

#Log4Shell for consumers? what is #log4j? Why is the vulnerability so dangerous? We have put together information on these and other questions at https://t.co/ilPq9T4gQs. #GermanyDigitalSicherBSI

– BSI (@BSI_Bund) December 13, 2021


Do I have to do something?

Initially, Log4Shell primarily affects the large data stores on which a lot of our private data is located. The respective companies have to act. However, there are also a few things that private individuals should consider.

Sophos warns that private users could also feel the effects of the vulnerability. This applies especially to private individuals who use cloud servers operated by a hosting company or other managed service provider, for example for “a blog, forum or family website”. Ask your provider whether your data is affected.

The security experts also warn against automatically clicking on the links given in a warning e-mail or dialing telephone numbers without a critical examination. High-profile cyberattacks such as Log4Shell quickly attract free riders who want to use the fear of the users for their phishing attacks. E-mails that appear to come from well-known storage operators and service providers might not be real these days. When in doubt, users should “critically examine” incoming messages and find their own way of obtaining information, using URLs, email addresses, or phone numbers that they have used previously.

Olaf Pursche from AV-Test also advises end users to activate their firewall settings on the end devices (router, computer) and in particular to activate IPS protection (Intrusion Prevention System) there.

Finally, we advise you to always install the latest updates for your operating systems. Get help from friends, family, or a specialist retailer if you don’t know exactly how to do this.
