The Log4J Software Flaw Is 'Christmas Come Early' for Cybercriminals

Wed, 15 Dec 2021 11:30:00 GMT
Scientific American - Technology

A cybersecurity expert explains how the widely used logging software is already making us more...

You need logging for audit trails, in the event of a ransomware event, to do forensics, sometimes for regulatory considerations.

So [Log4J] is a Java feature and function where you log things.

You could log the fact that somebody used this particular type of credit card, you could log the fact that somebody just logged in today, any number of different types of events could be captured.

Because it's logging, you could potentially inject an instruction to say, "When you log in credentials for a user, also send them over here." And it will be a place that the cybercriminal will set out to capture the login credentials.

You can almost create your own cybercriminal command and control of logs.

Logs can log almost anything, such as logins, credit card information, payment information.

The question is, are there different safeguards put around the logging? And are there any types of monitoring around logging to see whether or not logging itself has anomalous behavior? If an organization isn't looking for anomalous behavior, they're not going to notice that, once a user ID and password gets logged, it just went somewhere else as well.

On the security team side of things – as we're all racing against the clock to find, patch, remediate, observe, log and try to fix these issues – cybercriminals will be taking advantage of the vulnerability.

You could potentially go to log in – to get service from any number of companies that you do business with – and find out they've got an outage, and they could be dealing with this issue.

Having an accurate inventory of where this logging feature has been deployed, within your code, is lots of needles in lots of different haystacks.
