The Log4Shell Susceptibility came to light around December 2021. The vulnerability extends a possibility of a severity score of about 10. 10 is the maximum number possible to indicate a threat‘s seriousness.
As the susceptibility has clearly reached an ‘endemic’ status, the CSRB (The Cyber Safety Review Board) has extended clear guidelines on tackling this vulnerability. These guidelines are for government agencies and organizations and are clear instructions for strengthening their applications and networks. Totally, there are 19 recommendations.
As per the report, the vulnerability can make its impact felt for a decade at least.
READ MORE: Network Object Management Is Going to Be Inevitable for Multi-cloud Management
The vulnerability can impact software applications and products that utilize the Log4J Apache library.
Log4j is written in Java, and the vulnerability is, commonly referred to as Log4Shell, is officially CVE-2021-44228. The susceptibility permits a remote hacker to send crafted HTTP packets to servers and other software suites that can be accessed through the internet.
It was first identified on websites hosting Minecraft’s servers, a game owned by Microsoft. However, the cyber world can’t overlook the fact that the susceptibility went unnoticed for quite some time.
Hackers just have to use a single line of code to exploit this susceptibility. After that, attackers can perform remote commands on hacked systems.
Also, the susceptibility gives a chance to attackers to control java-based web servers. In such an attack, hackers can take control of the hacked systems and carry out any function they decide upon.
Overall, the Australia-New Zealand area seems to be the most affected region. Overall, nearly 50% of corporate networks faced the consequences of the attack.
North America saw about 36% of its corporates getting affected due to vulnerability.