There’s only one thing that’s certain in cybersecurity: The cyberthreat landscape is constantly changing, and the tools and solutions we have at our disposal to combat cybercrime must continue evolving if we are to stay ahead of — or at least keep up with — them. As 2021 winds down, the Devo security team is already looking ahead to the most pressing cybersecurity trends likely to appear in 2022. Here are my top three predictions for the new year.

On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2 was identified, (Dubbed “Log4Shell” by researchers), affecting massive amounts of servers all over the world. As this vulnerability gains high traction worldwide, it’s important to note, that not only internet facing java applications are vulnerable, as user input can traverse to another non-internet facing machines and exploit these as well.

Audit logging involves recording transactions and system events, making it an invaluable tool for regulatory compliance, digital forensics, and information security. In a typical Kubernetes ecosystem, auditing involves providing chronological, activity-relevant records documenting events and actions in a cluster. Modern logging tools come with aggregation and analytical functionalities so that teams can use log data to mitigate security threats.

A critical vulnerability in the popular log4j library is currently being actively targeted on a broad global scale and possibly exploited based on advisories from multiple CERTs and vendors: CISA, Apache, etc. This Java library is integrated into many IT and DevOps tooling and workflows. On Dec 10, 2021, Apache released version 2.15.0, fixing CVE-2021-44228 (dubbed Log4Shell) an RCE with a maximum CVSSv3 score of 10.

A previously unknown zero-day vulnerability in Log4j 2.x has been reported on December 9, 2021. If your organization deploys or uses Java applications or hardware running Log4j 2.x your organization is likely affected.

The NVD currently lacks a CVSS score for this vulnerability, but the Synopsys Cybersecurity Research Center (CyRC) has issued a corresponding Black Duck® Security Advisory (BDSA), and assigned a CVSS score of 9.1, with links to proof-of-concept exploits. A dangerous, zero day exploit has been identified in log4j, a popular Java logging library. Apache log4j/log4j2 is broadly used within the Java community to implement application logging.

Authors and Contributors: As always, security at Splunk is a family business. Credit to authors and collaborators: Ryan Kovar, Shannon Davis, Marcus LaFerrera, John Stoner, James Brodsky, Dave Herrald, Audra Streetman, Johan Bjerke, Drew Church, Mick Baccio, Lily Lee, Tamara Chacon, Ryan Becwar. If you want just to see how to find detections for the Log4j 2 RCE, skip down to the “detections” sections.

Security researchers recently disclosed the vulnerability CVE-2021-44228 in Apache’s log4j, which is a common Java-based library used for logging purposes. Popular projects, such as Struts2, Kafka, and Solr make use of log4j. The vulnerability was announced on Twitter, with a link to a github commit which shows the issue being fixed. Proof-of-concept code was also released to github which shows that the vulnerability is trivial to exploit.