Log4j Vulnerability: What You Should Know

IT teams and cybersecurity professionals are working tirelessly to patch a previously unknown vulnerability that could allow cybercriminals to access millions of devices connected to the internet. If exploited, the Log4j vulnerability would allow hackers to remotely execute code on vulnerable servers, essentially giving them complete control.

Jen Easterly, director of Cybersecurity and Infrastructure Security Agency (CISA), released a statement, “To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between the government and the private sector. We urge all organizations to join us in this essential effort and take action.”

Free Wortley, CEO of the open-source data security platform LunaSec called it “A design failure of catastrophic proportions.”  Wortley continues, “So many people are vulnerable, and this is so easy to exploit. There are some mitigating factors, but this being the real world, there will be many companies that are not current on releases and are scrambling to fix this.”

What is the Log4j vulnerability?

Created by Apache Software Foundation, Log4j is an open-source logging library used by many services and apps across the internet. Logging is a standard process where applications keep a real-time list of activities performed and can be analyzed later in case of an error. Almost every network security solution runs a logging process, which gives a library like log4j a massive reach.

Described as “unusually easy to exploit,” this vulnerability can be triggered in a variety of ways, making it especially dangerous. The attacker has to cause the target application to save a specially designed command. Since applications routinely log easy to input information such as messages sent and received by users, the Log4j vulnerability could be triggered by simply sending a message.

The diversity of vulnerable systems and the range of possible delivery mechanisms mean that internet security and even firewalls do not eliminate risk. It could theoretically even be delivered physically by hiding the attack command in a QR code, scanned at any point, circumventing internet security.

Log4j is a ubiquitous, open-source Java library, widely used in enterprise systems and web-based apps. Any machine connected to the internet is at risk if it’s running Apache Log4J, versions 2.0 to 2.14.1. NCSC notes that Log4j version 2 (Log4j2), the affected version, is included in Apache Struts2, Solr, Druid, Flink, and Swift frameworks. Check with your IT team or network administrator to see if you’re vulnerable.

How to protect your network

An update to the Log4j library has already been released to help mitigate the threat, so it’s crucial to make sure all vulnerable systems have this update ASAP.

Large companies such as Cisco, VMware, IBM, and Oracle have issued patches for their affected products. More companies and services such as AWS are aware of the vulnerability and are working on updates and patches.

Oracle issued a statement saying, “Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.”

Microsoft has released a set of indicators of compromise and guidance for preventing attacks on Log4j vulnerability. Examples of the aftermath of exploiting the Log4j flaw that Microsoft has documented include installing coin miners, Cobalt Strike to steal credentials, and exfiltrating data from compromised systems.

The Cybersecurity and Infrastructure Security Agency’s advice is to identify devices connected to the internet running Log4j and upgrade them to version 2.15.0 or apply the mitigations provided by vendors immediately. It also recommends setting up alerts for probes or attacks on machines running Log4j.

The best defense for the Log4j vulnerability is a well-qualified team of IT professionals who can update and patch systems correctly to avoid any possibility of exploitation. Contact your tca SynerTech IT team today to learn more about the Log4j vulnerability and ensure all patches are up to date and the appropriate action is being taken for your systems.