Are you at risk from the security vulnerability found in the Java-based Apache Log4j logging feature?

ronnie 27.12.2021

At the beginning of December, a security hole was discovered in the Java-based Log4j logging feature, affecting millions of businesses, government agencies, and cloud services using this popular Apache library. Many cybersecurity experts assess the vulnerability, named Log4Shell, as one of the most critical vulnerabilities of the decade.

According to our lead consultant Ronnie Jaanhold this is a critical vulnerability that can be used to do a lot of harm. “It’s as if you were sitting in an anthill wearing a wetsuit, unaware that you actually have several tiny holes in your wetsuit. You think you’re protected and as long as the ants haven’t found a hole, you’re fine.  But as soon as one ant discovers one of the holes and communicates it to the others, they start crawling in one after the other,” he explains.


Global impact

To date, Google, Amazon, LinkedIn, Apple, Tesla, Twitter, and many other well-known enterprises have suffered damage because of the Log4Shell security vulnerability. According to Microsoft, cybercriminals are using Log4Shell for malicious crypto mining, identity, and bank detail theft, as well as ransomware installation.

Who is affected by the vulnerability?

All Java-based services using Apache Log4j 2 versions 2.0 to 2.14.1 are affected. Log4j 2 has been integrated into many popular frameworks, including Apache Struts 2, Solr, Druid, Flink and Swift, Tomcat.

Log4j is used by almost all the Internet services or applications we are familiar with, such as Twitter, Amazon, Microsoft and many others. Its GitHub project has 400,000 downloads.

Prompt response is required

“Nobody foresaw such a security hole. Prompt response is all the more important now. All companies and institutions whose systems are affected should be engaged in mapping and patching the vulnerability. Denying the risk could lead to the worst-case scenario, i.e. a sudden shutdown of business activity.

Through this hole, access could be gained to your corporate infrastructure. From there on, it’s a piece of cake for an attacker, business as usual – encryption, ransomware, erasing data, and so on,” explains Jaanhold.

Computer and communication networks are as vulnerable as human immune systems

There are probably a lot of similar security holes we do not know about. It is essential that people responsible for your company’s digital channels know what software is being used, appropriate prevention, detection, and protection measures are in place and a plan has been prepared for responding to vulnerabilities and attacks detected. In many cases, a company might opt to use a vulnerability scanner to keep a track of “live” vulnerabilities, as not all of them can be patched.

Should your company lack adequate competence in this field, you can use a service partner that can draw attention to and prioritize cyber security issues. “The question is not whether an attack will come but when, how well the defense has been arranged, and how prepared the company is to respond,” Jaanhold points out. “Our team has helped to analyze the situation on this issue and develop the most appropriate and cost-effective plan in several companies.”

Steps for Log4Shell countermeasures

  • The first step is to check whether the e-services or digital products of your company or institution use the Java-based Log4j logging feature.
  • You should also map all external devices that have Log4j 2 installed.
  • The next step is to upgrade the software, either in-house or with the help of a service provider.
  • If patching is not possible – consider using virtual patching.
  • Many information security solution providers like Tenable, Crowdstrike, Vectra, and others have created additional functionalities for detecting this vulnerability and the cyber-attacks exploiting it.


Related service

Read more
Related service

Emergency Security Incident Response (SOS)

This unique service will help you resolve the toughest cyber attacks with optimal results and help you make sure that this doesn’t happen again.

Read more

Latest blog posts



Locked Shields is the world’s largest cyber defense exercise of its kind, organized by the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE). The event was held from 18 to 21 April in Tallinn and had nearly 3,000 participants. Participants included NATO member states and NATO-friendly countries (last year Georgia, this year Ukraine). The main CYBERS & NATO CYBER DEFENSE EXCERCISE LOCKED SHIELDS

Keep reading

How to quantify risk  ?

Can you smell, taste or touch risk? Most probably not. Therefore, IT Risk Expert Bo Thygesen from ACI and KüberCast hosts Siim Pajusaar and Ronnie Jaanhold will discuss how to quantify and measure risk and how to make decisions based on them. During OpSec minutes you will find out that Android TV box with preinstalled malware can be purchased on Amazon and AliExpress. During OpSec minutes you will find out why CISOs should pay more attention to brand impersonations where attacker is impersonating various elements an organization.

Keep reading

Cyber threat intelligence – your headlights on the internet 

What does threat intelligence mean and is it the weather forecast for internet? What is a cyber threat intelligence (CTI)? Adrian Porcescu from Recorded Future (Director of Product Management, Threat Intelligence) will explain everything with KüberCAST hosts Ronnie Jaanhold and Siim Pajusaar.
During OpSec minutes you will find out why CISOs should pay more attention to brand impersonations where attacker is impersonating various elements an organization.

Keep reading