Omega Systems has been working diligently to identify and remediate systems susceptible to the vulnerability known as Log4J. This massive, global security vulnerability is reportedly impacting the majority of the internet’s web applications.
High-Level Overview Of Log4J
On Dec. 9, 2021 the Log4J vulnerability (AKA Log4Shell) was identified as being exploited in the wild. The subsequent investigation revealed the exploitation of the vulnerability impacts nearly all of the internet, making this vulnerability rank “SEVERE”. The widely accessible proof of concept is not only readily available online, it proves execution is effortless.
The Log4J vulnerability impacts a commonly used component of open source logging software offered by the Apache Foundation, leveraged by app developers to understand how their programs function. Experts indicate this open source software is used by millions upon millions of application installations globally. Hackers are exploiting the vulnerability through both the Windows and Linux platforms to gain access and control over any organization’s network that runs any unpatched applications that are created using this software.
According to Microsoft’s Threat Intelligence Team, right now, the majority of attackers from around the world have been using the Log4J vulnerability to highlight unpatched applications, while others have advanced to distributing coin miners, launching attacks, stealing credentials and hijacking data.\
“Anything You Can Do” Dangers Of This Vulnerability
It’s important to note every business is at high risk. Because an attacker essentially gains keys to your network kingdom, it is easy to do things like:
- Steal emails
- Steal credentials
- Destroy files
- Expose data
- Install ransomware
- Access & execute business-critical core controls
- Shutdown systems
- Interrupt necessary protocols
Misconceptions That Give Businesses A False Sense Of Security
Cybersecurity experts warn businesses not to overlook the severity of this threat, even if they believe they are not vulnerable. Don’t fall prey to these misconceptions:
“Our applications don’t leverage the Log4J framework…”
In addition to applications, Log4J can affect API servers; therefore, even if you do not use the Log4jlogging framework, it is possible you are trusting third-party APIs that contain the flaw and are exposed.
**This less publicized scenario is particularly dangerous for businesses and very attractive to attackers, given most businesses have limited visibility into their API inventory and behavior.**
“We don’t use Java…”
Whatever third party software you are using could have the Log4J framework embedded, which could mean the threat will not show up in your vulnerability scans.
Challenges IT Security Teams Are Seeing
- Scoping the full extent of exposure (internet-facing assets, internal systems, back-end systems, network hardware, SIEM, logging systems, proprietary apps, cloud apps, application components, and indirect vulnerabilities)
- Strategizing workarounds for systems that cannot be patched
- Validating third-party applications are appropriately patched. (*Not all have patches.)
- Ongoing network monitoring post compromise.
At Minimum, Every Business Should Immediately Respond This Way:
- Patch your applications.
- Check lists of identified vulnerable products daily.
- Validate your network assets have received an update.
- Follow vendor protocols to mitigate the vulnerability when possible.
- Map all servers that operate APIs with Java, then block all user input, control back-end connection services and put APIs behind gateways or load balancers.
How To Get Expert Assistance:
In these types of complicated situations, it makes sense to leverage professional support. Omega Systems is diligently protecting our managed support and managed cybersecurity customers with solutions for active prevention and post-exploitation protection as it pertains to the Log4J vulnerability. Our Omega-badged SOC Team is addressing managed environments with Detection & Validation, Remediation Reporting, AI-Powered Prevention, Exposed Application Visibility, Evolutionary Intrusion Prevention and Threat Forensics.
If you require professional assistance – give us a call. 610.678.7002 or schedule a consultation https://omegasystemscorp.com/contact-us/