What is the problem and why is it a big deal?
On December 9th, a GitHub user posted a Log4j vulnerability online which he had found within a Java application. It was promptly picked up by black-hat hackers scanning for new attack vectors, who wasted no time and began attacking corporate networks almost immediately.
If the vulnerability is exploited, it allows attackers to perform remote code execution and take control of affected servers. In simple terms, it lets attackers take control of your systems.
Current affairs, who’s been attacked?
Check Point alone has had “1,800,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups” as of the 15th of December 2021.
They have also “seen an attempted exploit on 46% of corporate networks globally”.
(Source: Check Point)
Who’s been affected and why?
Log4j is the most popular Java logging library, with over 400,000 downloads on GitHub alone, and it is embedded in every Java-based product or web service. It is commonly adopted for enterprise applications, which the majority of businesses use.
The Log4j library is a key component of almost every Internet service or application we are familiar with, including those created by Amazon, Microsoft, Google, IBM, Jira, Dell, Apple, Cisco Systems, Twitter, Siemens, Lenovo, Splunk, Red Hat, SAP, Sophos, Forcepoint, Symantec, Fortinet, VMware and more.
Why have these companies been affected?
This is a zero-day threat: tech companies and threat actors became aware of the vulnerability at the same time, so businesses have not had time to release updates, patches and workarounds. It could take weeks for these updates to be released and adopted, whereas hackers can, and have, begun attacking immediately.
What would the outcome be if the vulnerable systems were compromised?
According to the NCSC, if left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.
Over the next few weeks there will be high-profile ransomware attacks; so far, however, the attacks have largely aimed at taking over servers to mine cryptocurrency for financial gain.
Who will be attacked?
As we find ourselves in the New Year, attackers will continue to scan corporate networks for the Log4j vulnerability. Many companies will be attacked, but those most at risk are the ones who are not aware of the vulnerabilities within the applications they use. Furthermore, companies which fail to update their systems to the latest patches as the threat evolves will also be at risk, as will ones using software for which no patch is yet available.
To make sure your company is safe, book a free consultation with us, or check here for an extensive list of affected software and the solutions currently available, to make sure you’re not one of them (Source: NCSC Netherlands).
What’s the remediation plan?
If you are using Log4j to develop applications, you should update to version 2.17.1 or later; alternatively, you can apply a hardened configuration, which we are able to assist you with. Version 2.15 was the first patch, but hackers have already found a way around it, so you must stay on top of updating.
If Log4j is present in applications supplied by a third party, keep those products updated to the latest version, as suppliers will be patching vulnerabilities as quickly as they are able.
If you don’t know whether your products use Log4j, speak to your developers and third-party suppliers immediately to find out.
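As an added example (not code from this page or its author), the following Python script answers the "do we use Log4j, and which version?" question for a server: it walks a directory tree, reads the version from the Maven metadata that log4j-core ships inside its own jar, descends into archives nested in WAR/EAR/fat jars (the copies a package manager will never report), and flags anything below 2.17.1. The directory passed on the command line is an assumption.

```python
import io
import pathlib
import re
import sys
import zipfile

FIXED = (2, 17, 1)  # the version the remediation plan says to move to, or later
# Maven metadata every log4j-core jar carries; its 'version=' line tells us which build it is
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); a missing patch number becomes 0, suffixes are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text)][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def is_vulnerable(version):
    """Anything below 2.17.1 still needs the update described above."""
    return parse_version(version) < FIXED

def find_log4j_core(data, path):
    """Yield (location, version) for every log4j-core inside the archive bytes.
    Nested archives (a WAR's WEB-INF/lib/*.jar, a shaded 'fat' jar) are searched too,
    since a bundled copy is exactly the one a package manager will not report."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        if POM_PROPS in names:
            m = re.search(r"^version=(.+)$", zf.read(POM_PROPS).decode("utf-8", "replace"), re.M)
            if m:
                yield path, m.group(1).strip()
        for name in names:
            if name.lower().endswith(ARCHIVE_EXTS):
                yield from find_log4j_core(zf.read(name), path + "!" + name)

def scan(root):
    """Walk a directory tree; return [(location, version, needs_update)] per copy found."""
    hits = []
    for p in pathlib.Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVE_EXTS:
            for loc, ver in find_log4j_core(p.read_bytes(), str(p)):
                hits.append((loc, ver, is_vulnerable(ver)))
    return hits

if __name__ == "__main__":
    # assumed usage: python log4j_scan.py /opt/apps
    for loc, ver, vuln in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(("UPDATE " if vuln else "ok     ") + ver.ljust(10) + loc)
```

A 2.x jar from which the JndiLookup class has been stripped as a stopgap will still be reported as needing the update, which is the conservative answer for the inventory this section asks you to build.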