A major security headache is coming. What can your organization do to protect itself?
The internet has been abuzz because of a major security breach involving Log4J. This vulnerability in CVE-2021-44228, the remote code execution flaw in Log4J, was first reported by New Zealand’s CERT last week. Since then, agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) have issued similar warnings as well.
Large companies such as Oracle and Cisco have immediately implemented security patches to mitigate possible security breaches with Log4J. However, the breaches are affeting countless other services such as Twitter, Google, and Steam.
What is Log4j?
Log4J is an open source logging framework developed by the Apache Software Foundation. It is highly used by many programmers and software developers to keep track of activity within a given app. To cut a long story short, it contains a lot of information gathered from users who use these different applications, platforms and sites. Think of it as virtual logbook that keeps track of every bit of exchange of information and activity within a given app or site.
What does Log4J vulnerability have to do with you?
Log4J is used by many major apps and servers across the internet – many of which are used by individuals on a day-to-day basis. The vulnerability in Log4J now allows hackers to gain access to your computers and servers by sending malicious code strings that get logged by Log4j 2.0 or higher. Hackers are actively using web crawlers and scanners to locate vulnerabilities and attempt breaches. Researchers have already detected almost a million attacks in under 1 week.
Using the Log4j exploit, “Attackers gain almost unlimited power—they can extract sensitive data, upload files to the server, delete data, install ransomware or pivot to other servers,” Nicholas Sciberras, of Acunetix, said. Attacks are “astonishingly easy” to deploy, he added.
To give you a better idea of what platforms use Log 4J, here are some major ones, to name a few:
- Apple’s iCloud
- Microsoft’s Minecraft
“This is a design failure of catastrophic proportions.”
Free Wortley, the CEO of Lunasec, an open-source information security platform, says that this is exploit is at catastrophic proportions. He also notes that Log4j vulnerabilities are incredibly widespread and vulnerabilities are likely to persist.
What can you do to protect your organization?
- Apache has recognized the severity of the problem and has, as of Friday, released security patches to help mitigate the situation.
- Companies, like Oracle, have also released a security alert and patches to help cover this flaw in Log4J.
- CISA has advised for an immediate upgrade to version 2.15.0 for any device running Log4J, as well as setting up alerts to immediately identify any probes or attacks on devices running the said logging library.
- Ensure that your IT or information security team is on alert.
- As an ordinary user, make sure to install all updates necessary to protect you and your hardware.
Why a virtual information security officer (VISO) can help:
Some organizations can’t afford to bring on a full-time information security officer. Additionally, in-house information security officers (ISOs) face unique obstacles as they strive to meet heightened demands. Time constraints, reliance on third parties, and a lack of expertise collectively strain internal resources, and potentially weaken business security operations. However, an Accume Partners’ VISO sidesteps this problem. Our VISO can affordably flex based on your organization’s needs, such as during a major cybersecurity event like the Log4j incident. Adoption of our VISO program grants access to a wide reaching, deep range of skills and experience. An entire department of experts combine forces to provide each client with a higher level of specialized expertise in one comprehensive, affordable package. Click here to download our cybersecurity and VISO guide.