EXECUTIVE SUMMARY:

Found in the software known as Log4j, a critical security vulnerability has the world on-edge. Due to the ubiquity of Log4j, the vulnerability in the software endangers thousands, if not hundreds of thousands, of organizations worldwide.

Unpatched, the Log4j software flaw could enable attackers to commandeer computer servers, corporate networks, or consumer devices. The cyber security community states that billions of devices may be affected. It could take security professionals weeks to patch all affected software, and in the interim, hackers may exploit flaws.

Update 12/15/21: A second vulnerability associated with Log4j has been identified. Get information here

“To be clear, this vulnerability poses a severe risk,” said CISA Director Jen Easterly, in a statement.

What is the issue?

As indicated previously, the vulnerability could allow an attacker to launch remote-code execution attacks, giving them control over privately-owned resources. In turn, this creates a cascade of other operational issues, security challenges, legal limbos, and client relationship management difficulties.

Among developers, Logj4 is popular due to the fact that it’s free to use. However, because it’s free to use, monitoring and maintenance of the software remains minimal. In contrast, paid products typically boast a large number of software teams and developers who ensure its security.

Why it matters

The vulnerability is under active exploit, according to cyber security firm Check Point Software. “It is clearly one of the most serious vulnerabilities on the internet in recent years,” stated the company. “The potential for damage is incalculable.”

Organizations of all kinds are at-risk.

Consumers are at-risk too. Devices like smart TVs, DVR systems, and security cameras may remain vulnerable. Devices that are currently in warehouses, waiting for placement on store shelves, will be vulnerable as soon as consumers connect them to the internet.

Also, legacy IoT devices may no longer receive software updates, making them uniquely vulnerable to hacker exploit attempts.

Technical details

A researcher employed by a Chinese tech firm first uncovered the bug and privately reported it to the Apache Software Foundation. The vulnerability (CVE-2021-44228) impacts Apache Log4j versions 2.0-beta9 to 2.14.1. Experts published proof-of-concept code for this vulnerability.

Log4j is an open-source Java logging library, which is frequently deployed in enterprise Java software. It is included in Apache frameworks, such as ApacheStruts2, Apache Solr, Apache Druid, Apache Flink and Apache Swift, along with other sizeable projects.

How it could affect your organization

  1. Researchers anticipate that this vulnerability will precipitate a deluge of ransomware attacks. The Nemesis Kitten group, responsible for Khonsari ransomware attacks, has already begun to exploit the vulnerability.
  2. Concerns pertaining to cryptomining attacks, DDoS attacks and other creative campaigns have also cropped up.
  3. Further, company data may be at risk if an employee’s personal cell phone experiences compromise.
  4. Hackers may focus on obtaining illicit access to corporate networks, and then quietly reside in systems for days, weeks, months or years, waiting to launch attacks.
  5. This one is a no-brainer – Once hackers are in your organization’s system, they can easily steal your data.

Prevention measures

  1. Reach out to your suppliers to see if they’ve been affected.
  2. Ask suppliers to reach out to their suppliers about potential compromise.
  3. Strengthen your endpoint security. Says Microsoft “attackers are probing all endpoints for vulnerability”.
  4. In the short term, organizations may want to remove sensitive data from products or services that include Log4j.
  5. Multiple layers of security, or defense-in-depth, can prevent hackers from accessing the “crown jewels.”

Summary

The Log4j vulnerability highlights the importance of proactivity when it comes to security. Ensure that your developers use secure code, and that your enterprise has a clear sense of which software is used within what systems. A high degree of security visibility and granular security insights can help protect your environment.

Avoid hosting uninvited guests on your system. For insights into security solutions that can provide you with a 30,000 foot view of your network, endpoint advantages, and comprehensive analytics, click here.

See CyberTalk.org’s past Log4j coverage here. For detailed insights into the Log4j vulnerability, please join us at the premiere cyber security event of the year – CPX 360 2022. Register here.