New Zero-Day Vulnerability for Log4j is the Next Cybersecurity Nightmare

On December 10, 2021, a number of media retailers, the Cybersecurity and Infrastructure Safety Administration (CISA), and the director of cybersecurity at the Nationwide Safety Company (NSA) started alerting to a big vulnerability in an open supply Apache logging library known as “Log4j.” In response to a number of sources, software program has been publicly launched that exploits this vulnerability and permits an attacker to realize full management of affected servers. Log4j is broadly used and can take a while to patch and remediate, making many company programs and cloud environments susceptible to assault.


Apache Log4j is a java-based logging utility that is integrated into quite a few frameworks and functions, and utilized by many main cloud companies. On December 6, 2021, Apache announced model 2.15.0 of Log4j, noting that it corrects a vital distant code execution vulnerability, CVE-2021-44228. On December 9, 2021, a number of cybersecurity- and technical-focused media retailers started reporting that the vulnerability was being actively exploited and will lead to a full system takeover.

The seriousness of the vulnerability mixed with the widespread adoption of Log4j has resulted in alerts from CISA and the NSA. NSA Cybersecurity Director Rob Joyce tweeted that “[t]he log4j vulnerability is a significant threat for exploitation due to the widespread inclusion in software frameworks, even NSA’s GHIDRA.” Joyce additionally famous that this vulnerability underscores the want for elevated adoption of software program bill-of-materials (BOM) practices.

Sensible Next Steps

Corporations might want to work shortly to evaluate whether or not, and to what extent, they or their service suppliers are utilizing Log4j. The next are questions and concerns for company counsel:

  • Are we in danger? Ask IT and safety personnel whether or not any software program utilized in the firm’s atmosphere makes use of Log4j. Particularly, inquire whether or not the firm makes use of the susceptible model of Apache.

  • Do our merchandise use Log4j? Your organization’s software program merchandise might use Log4j. If that’s the case, assess the publicity and set up a plan for upgrading to the newest protected model. Your clients will seemingly be asking, and you need to have a response.

  • Ask your service suppliers whether or not their merchandise or atmosphere use Log4j. If that’s the case, ask whether or not they have patched to the newest model of Log4j, and have them present a patch highway map in the event that they haven’t patched already.

  • Prepared your incident response group and make sure that after-hours contact info for your incident response group is updated.

  • Affirm your safety operations are monitoring Web-facing programs for indicators of compromise and are ready to execute your incident response plan.

  • Some public risk intel retailers have recognized malicious IP addresses which can be actively scanning Web-facing programs for this vulnerability. Contemplate blacklisting these malicious IPs.

  • If patching is not an instantaneous choice, contemplate different containment measures to restrict the potential affect of this vulnerability (e.g., sandboxing, air gapping, taking offline).

  • Lastly, if concerned in a company acquisition, question the goal entity with comparable steps and questions as outlined above, and consider the danger accordingly.


Source link