top of page

What is Log4J and how should you protect your business?



On December 9, a major vulnerability was discovered in a popular open source software package that by the next day companies were scrambling to figure out how best to respond.


You only get something as bad as Log4J every 4-5 years. It's real bad.

- Security Engineer at American Cyber

According to the Washington Post and Check Point Software, hackers have already tried to use it to get into nearly half of all corporate networks around the world. The motives are financial, however on Dec. 15, Check Point said Iranian state-backed hackers used the vulnerability to try to break into the Israeli government and business targets.


What is Log4?


Apache Log4j is a Java-based logging application that helps software applications keep track of their past activities. Each time log4j is asked to log something new, it tries to make sense of that entry and add it to the record. A few weeks ago, researchers realized that someone can arbitrarily insert malicious code that can compromise any servers that are using the software.





Why is it so bad?


An attacker who can control log messages or log message parameters can execute code loaded from LDAP servers when message lookup substitution is enabled.


There are three main reasons why this vulnerability has a maximum CVSS severity score of 10.

  1. It's relatively easy to execute - even for amateurs and script kiddies.

  2. The remote code can be inserted pre-authentication. This means that the attacker does not have to sign into internet-facing on-premise and cloud services.

  3. IT and InfoSec teams cannot simply setup gateway blocking rules. There's a lot of methods for obfuscation and evasion.


What should you do?


The majority of all software providers are rapidly working to update their software product code. For example, more than 500 engineers at Google worked day and night reviewing code to make sure this vulnerability did not impact the security of their products.


It is absolutely critical for IT and Information Security teams to monitor inbound and outbound traffic and respond to suspicious alerts generated from their security products.


For those businesses that don't have trained information security professionals that can deploy, configure, monitor and manage these advanced tools, they need to partner with a cybersecurity firm that can detect, protect and respond to suspicious security events.


Stay safe out there and contact us if you need assistance.






Comments


bottom of page