SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
New RCE bug is making APAC businesses vulnerable to Log Injection attacks
Thu, 13th Jan 2022

A new remote code execution (RCE) bug could be making businesses in Asia Pacific vulnerable to Log4Shell log injection attacks, according to Barracuda, a provider of cloud-enabled security solutions.

Log4Shell is a software vulnerability in Apache Log4j 2, a popular Java library for logging error messages in applications used by many companies and organisations.

According to Barracuda, the vulnerability enables a remote attacker to take control of a device on the internet if the device is running certain versions of Log4j 2. Affecting the most widely used logging framework on the internet, this vulnerability has been given the highest severity rating possible on the National Vulnerability Database, and also by the Apache Software Foundation, due to the ease with which malicious attackers can exploit it.

Logging is a critical component of most applications and systems because it allows developers and system administrators to verify that software is working properly and identify more specific details when it is not.

Barracuda says log injection is possible when user-controlled input is logged without sanitisation. This can have a number of consequences, from data leaks to log forgery or denial of service attacks, but remote code execution (RCE) is one of the most severe outcomes, allowing an attacker to execute code within an application and gain the access and privileges available to the application itself.

This can result in data breaches, while also allowing attackers a convenient way to penetrate a network and even compromise systems and resources outside of what the application is able to access.
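The log forgery case described above, as an added example that is not from Barracuda or the original article: a Python `logging` filter that escapes line breaks and bounds field length before a record is written, shown beside the unsanitised behaviour. Python is used because the point applies to any application that logs; the `SanitisingFilter` and `render` names, the 256-character cap and the sample input are assumptions made for illustration.

```python
import io
import logging
import re

# Backslash, ASCII control characters, and the Unicode line separators.
_UNSAFE = re.compile(r"[\\\x00-\x1f\x7f\x85\u2028\u2029]")
MAX_FIELD = 256  # assumed per-field cap, bounds log growth from oversized input
FORGED = "mallory\nINFO login succeeded for user=admin"  # constructed sample input


def _escape(match):
    ch = match.group()
    if ch == "\\":
        return "\\\\"  # keeps real escapes distinguishable from typed ones
    return ("\\x%02x" if ord(ch) < 0x100 else "\\u%04x") % ord(ch)


def sanitise(value, limit=MAX_FIELD):
    """Return value as a single-line, length-bounded string for a log field."""
    text = str(value)
    suffix = "...[truncated]" if len(text) > limit else ""
    return _UNSAFE.sub(_escape, text[:limit]) + suffix


class SanitisingFilter(logging.Filter):
    """Sanitise string arguments before the record is formatted."""

    def filter(self, record):
        if isinstance(record.args, tuple):
            record.args = tuple(
                sanitise(a) if isinstance(a, str) else a for a in record.args
            )
        return True


def render(username, hardened):
    """Log one failed login and return the lines a log reader would see."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.Logger("demo")  # stand-alone logger, not globally registered
    logger.addHandler(handler)
    if hardened:
        logger.addFilter(SanitisingFilter())
    logger.warning("login failed for user=%s", username)
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    print(render(FORGED, hardened=False))  # two entries, the second is forged
    print(render(FORGED, hardened=True))   # one entry, line break escaped
```

This covers forged entries and oversized fields only; it does not replace upgrading Log4j for Log4Shell itself.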

"These kinds of attacks are often overlooked, which makes them particularly dangerous, posing a threat to both data and network security," says Mark Lukie, systems engineer manager, Asia Pacific, at Barracuda.

"Any application using logging - even if not using Log4j 2 or even Java - should be checked for possible log injection attacks and proper data sanitisation practices," he says.

Lukie says the best way to protect against Log4Shell specifically is to upgrade to the latest version of Log4j.

"However, for long-term protection against RCE threats, businesses need to find the right Web Application Firewall (WAF) and WAF-as-a-Service solutions to protect against log injection attempts, including those related to Log4Shell," he says.

Meanwhile, Barracuda says ransomware will remain the number one security threat in 2022, with the volume of ransomware attacks mounted against businesses continuing to rise throughout the new year.

At the same time, governments at all levels will take the problem more seriously and collaborate at a nation-state level.

Attacks will range from extortions using stolen data to the penetration of critical supply chains. As well as looking for financial gain, the criminals will also increasingly use stolen data to discredit businesses and destroy reputations.

During 2022, it will be vital for both public and private sectors to work together to continue to make it increasingly difficult for cybercriminals to move the ransomware payments they receive.