On 09 December 2021, sources identified a significant security flaw within the popular online game Minecraft. The bug allowed attackers to change messaging settings that made the Log4j logging application connect to external addresses, allowing attackers access to the system.
Tracked CVE-2021-22448 (CVSS score: 10.0), the flaw concerns a case of remote code execution in Log4j, a Java-based open-source Apache logging framework broadly used in enterprise environment applications to record events and messages generated by software applications. Because Log4j is open source (free), it is used widely. Apache Log4j is part of the Apache Logging Project. By and large, usage of this library is one of the easiest ways to log errors, which is why most Java developers use it. Many large software companies and online services use the Log4j library: Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and many more. The bug has scored a perfect 10 of 10 in the Common Vulnerability Scoring System (CVSS) rating system, indicative of the severity of the issue.
Since its initial discovery, intelligence suggests that the vulnerability has been built into Linux-based high speed robot networks (botnets), and is exploiting industrial controls, internet of things devices, and now, crypto mining systems.
Global Guardian has been actively monitoring this activity beginning approximately 24 hours before it was publicly announced, having received advanced notice from confidential intelligence sources. To date, we have blocked all known events for our current Cyber Security clients and are actively protecting all network and devices from this vulnerability through firewalls and secure workstation security software.
The Cybersecurity and Infrastructure Security Agency (CISA) has provided Apache Log4j Vulnerability Guidance. To view,
. In addition, we recommend:
- You disallow any gaming in your environment and close all running instances of the game and the Minecraft Launcher. Users will need to start the Launcher again, following which the patched version will download automatically.
- Anyone with an application containing Log4j immediately pays attention to this vulnerability and ensure you have a web application firewall (WAF) installed. If you have any questions, contact our team today. Global Guardian can provide guidance on installing firewalls and securing your networks.