If you’ve been following the news, you may have heard about the recently discovered Log4j vulnerability but you may not be clear on what it is and how it could affect your business.
We’re here to help.
The details are still unfolding, but here’s what we know now.
- What’s the Situation?
- What Exactly is the Log4j Vulnerability?
- Why Does It Matter?
- Does Log4Shell Affect My business?
- What Can I Do?
Let’s take a look.
What’s the Situation?
On November 24th, 2021, a new zero-day vulnerability was discovered in a popular open-source coding framework called Log4j. Cyber criminals can easily carry out destructive cyber attacks through this vulnerability by taking control of targeted computers.
Due to the extensive use of Log4j by companies worldwide, this threat impacts businesses of all sizes.
It’s expected that cleanup of this vulnerability worldwide could take months due to the volume of third-party software running this code.
What Exactly is the Log4j Vulnerability?
Log4j is a logging framework, meaning it lets developers monitor or “log” digital events on an Apache webserver.
Logging systems record application activity, such as web page requests, internet chat histories, and database transactions. They provide an audit trail, examine traffic patterns, monitor performance, plan system improvements, and troubleshoot problems.
The vulnerability, which allows remote code execution in some versions of the Log4j utility, was published online and named Log4Shell.
Through Log4Shell, specific versions of the Log4j utility can be made to misinterpret data that would typically be logged into a file as a command, which it would blindly follow, executing whatever instructions were passed on to it.
Since logging utilities can log everything from web page requests to internet chat messages, it can be easy to get the malicious command past normal defenses and onto the server. And since the logging utilities are often running with special permissions on a system, tricking them into running malicious commands can have immediate, system-wide consequences.
Typically, software should safeguard against data coming from untrusted users online, but this flaw allows them through, letting data supplied by untrusted outsiders manipulate the server’s actions.
Why Does It Matter?
If that were the extent of the problem, it would be bad enough. However, the Apache webserver is used extensively. If it’s using Log4j as its logger, it may be vulnerable.
This vulnerability has been called “the single biggest, most critical vulnerability of the last decade” due to how extensively this logging utility is used in other applications, and is present as a dependency in other services, from workstation and enterprise applications to numerous cloud services.
For example, applications from Amazon, Microsoft, IBM, Google, Cisco, Twitter, Steam, and even the United States Cybersecurity and Infrastructure Security Agency (CISA) use Log4j. This has made the Log4Shell exploit the center of multiple other exploits across the internet.
Cyber criminals have rapidly incorporated this compromise into their arsenal, using it to install crypto miners, ransomware, backdoors, and other nasty software on systems all over the internet.
Does Log4Shell Affect My business?
Due to how extensively Log4j is used and incorporated into other software and services, it’s hard to quickly determine if your servers, workstations, and online services are affected, but some of them probably are.
For example, applications and services such as FedEx Ship Manager, Amazon AWS Lambda, Salesforce Tableau, and VMware vCenter Server are all affected by the Log4Shell vulnerability.
It’s safe to assume that you might be affected in one way or another.
What Can I Do?
As with all other software vulnerabilities, the primary advice for dealing with this is to have your IT department or outsourced IT support team scan and identify the vulnerable applications on your network. This is especially true for apps accessible over the internet.
After identifying vulnerabilities, the IT team should implement the mitigation tactics available from the software provider, implement available patches, or upgrade to a secure version.
CISA also recommends setting up alerts for probes or attacks on devices running Log4j and installing a web application firewall (WAF) with rules to focus on Log4j.
For valuable, up-to-date guidance on Log4Shell, visit the CISA site: https://www.cisa.gov/uscert/apache-Log4j-vulnerability-guidance
Need Help Securing Your Southern California-based Business?
All of this might seem overwhelming, especially for small-to-medium-sized businesses that may not have the expertise to address such issues in-house, or do not have the time to do so without drawing resources away from other projects.
If you need some additional expertise to improve your cybersecurity posture, we’re here to help. Our security experts can help you find the holes in your perimeter, determine which apps might be compromised, and help you patch up any vulnerabilities you might have.
Remember, this is just the latest critical exploit to be discovered. There will undoubtedly be more – it’s only a matter of when. If you want to be prepared to tackle the next inevitable vulnerability, contact us today.