Last week, the Apache Software Foundation disclosed that Log4j, a widely used piece of open-source software, has a flaw that is exposing users to cybersecurity threats and ransomware. Log4j is a Java library used for logging error messages in applications. The estimated impact is over 100 million instances globally. The flaw has currently been confirmed in Log4j versions 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0. It allows attackers to execute code remotely, which they can use to steal data, install malware, or take control of a system.
What to look for
Take inventory of all your internet-facing devices that are running Log4j, and work to upgrade any that are running an impacted version. When this vulnerability was made public, it was described as a zero-day (or 0day). This means the flaw was being targeted, and attackers could potentially have acted on it before software developers knew the flaw even existed. One thing to look for is whether log message lookup substitution is enabled: when it is, an attacker who can control log messages or log message parameters can exploit the flaw. In the latest version, 2.16.0, the substitution feature has been removed.
What steps can you take now?
There are a few steps your business should take immediately.
- Take an inventory of all internet-facing devices that are running Log4j
- Where possible, update to the latest version of the software, 2.16.0
- Make sure devices that run Log4j have proper alerting for probes and attacks
- Have an incident response plan in place outlining the steps your team will take if you discover a cyberattack
This kind of cyberattack is extremely complex, and because of Log4j's wide adoption and the flaw's classification as a 0day vulnerability, it can be tricky to detect whether your software, services, devices, and servers have been impacted.
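As an added example (not part of the original article), the inventory and upgrade steps above can be partly automated with a Python script that walks a directory, looks inside JAR, WAR and EAR archives (including archives nested inside them) for Log4j, and flags versions in the impacted ranges listed above. The function names are illustrative, and the script assumes each copy of log4j-core still carries its standard Maven metadata file; a copy whose metadata was stripped during repackaging will not be found.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Assumption: the standard Maven metadata path inside a log4j-core jar.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def is_impacted(version):
    """True for the ranges the article lists: 2.0-beta9..2.12.1 and 2.13.0..2.15.0."""
    base, _, tag = version.lower().partition("-")
    nums = tuple(int(p) for p in base.split("."))
    nums += (0,) * (3 - len(nums))
    if nums == (2, 0, 0) and tag:
        # 2.0 pre-releases: only beta9 and later (rc) fall in the article's range.
        beta = re.fullmatch(r"beta(\d+)", tag)
        return int(beta.group(1)) >= 9 if beta else tag.startswith("rc")
    return (2, 0, 0) <= nums <= (2, 12, 1) or (2, 13, 0) <= nums <= (2, 15, 0)

def scan_archive(source, label):
    """Yield (location, version) for every log4j-core copy, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or not really a zip: skip it
    with zf:
        for name in zf.namelist():
            if name == POM:
                match = re.search(rb"^version=(\S+)", zf.read(name), re.M)
                if match:
                    yield label, match.group(1).decode()
            elif name.lower().endswith(ARCHIVES):
                # Fat jars and WARs bundle libraries as nested archives.
                yield from scan_archive(io.BytesIO(zf.read(name)), f"{label}!/{name}")

def inventory(root):
    """Return [(location, version, impacted)] for all archives under root."""
    return [(where, ver, is_impacted(ver))
            for path in sorted(Path(root).rglob("*"))
            if path.is_file() and path.suffix.lower() in ARCHIVES
            for where, ver in scan_archive(path, str(path))]

if __name__ == "__main__":
    for where, ver, bad in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'UPGRADE' if bad else 'ok':8}{ver:12}{where}")
```

Run it with the directory to scan as its only argument; each line of output gives the verdict, the Log4j version found, and where it sits, with `!/` marking a library bundled inside another archive.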
How we can help
Helping businesses with these kinds of vulnerabilities and attacks is something we do every day. We have cybersecurity and incident response experts with a proven track record of helping businesses get back up and running, and of helping them put together plans for when these types of things come up in the future. Whether you have been impacted or you want to be proactive for the next one, we are here to help your team and business improve your routines and security.
Set up a consultation so we can talk about what your business is looking for, the problems you are having, or where we can help in the future.