More businesses are concerned about their cybersecurity. It shouldn’t come as a surprise, considering the new digital technologies emerging.
On Dec. 9, 2021, a critical vulnerability in Log4j, a widely used logging framework, was identified. Companies are looking for ways to protect themselves from potential cybersecurity threats as a result.
What Is Log4j?
The Apache Software Foundation released a project titled Log4j over 20 years ago. It’s an open-source logging framework written in Java and used by millions of applications worldwide.
At its most basic level, Log4j is like a digital notebook, where developers and programmers can take notes on what may happen in servers and applications. For example, they may use Log4j to report or manage a cybersecurity incident or when a person logs in to an application and the password they used.
Log4j is used by many Java programs that have been developed in the past decade. On top of that, Java is considered one of the top programming languages used by businesses worldwide.
What’s the Issue?
Chen Zhaojun from the Alibaba Cloud Security Team was the first to discover CVE-2021-44228, also referred to as Log4shell. It’s a high-severity vulnerability that impacts the core function of Log4j and is a publicly available exploit, which makes it easy for experienced attackers to take advantage of.
Log4shell allows malicious actors to perform remote code execution, making it easy to access whatever information is on an affected device or machine. Hackers can also delete encrypted files and hold them for ransom. Any applications that use a version of Log4j can be attacked. Attackers from various countries, such as Russia, China, Iran and North Korea, have already capitalized on the vulnerability.
Who Could Be Affected?
Most peoples’ online devices and services likely use Log4j. The best way to mitigate the risk of experiencing an attack is to ensure all applications and device software are updated regularly, especially in the next few weeks.
On the other hand, it may be challenging for businesses in various industries to know what systems or applications use Log4j. It was reported that Log4j is extremely widespread and impacts applications such as FileZilla FTP, Cisco Webex and Minecraft. Even custom organization applications or cloud services are at risk of being compromised.
Common applications where Log4j is used include Apache Solr, Apache Druid, Apache Flink, Apache Struts2 and Apache Swift. Below are some cloud-based services that have been affected:
- Amazon Web Services
- IBM
- Oracle
- Cisco
- Salesforce
- VMWare
- Microsoft
- ServiceSoft
Other large products like Netty, Spring Framework and MyBatis use the Log4j library.
Reducing the Risk of Lo4j Exploits
Consider how many applications and software large companies use daily — all their crucial processes could be disrupted by one exploit.
Now would be a good time for companies to look at their current cybersecurity practices and ensure their organization is cybersecurity certification-ready. It may take an extended period to update your safety practices, but it can protect your business and its assets.
Thankfully, more enterprise products will release security patches to address the Log4j vulnerabilities, so it’s vital to keep all software updated. Be sure to update your Log4j to the latest version, Log4j 2.17.0.
Log4j Risk Mitigation Steps
Here are some ways organizations can mitigate the Log4j vulnerabilities to protect themselves from malicious threats.
- Update servers: Ensure that Log4j is updated and that any applications that rely on it are using the latest version.
- Install a firewall: Using firewalls is suggested. They add another degree of security and prevent outgoing connections from an attack.
- Remove jar files: Removing jar files is a good step to take, but other mitigation methods listed here should be used as well. Deleting jar files is intrusive and prone to error.
- Attack and hotfix servers: Use an exploit code to attack your servers as a way to address vulnerabilities. Be sure to hotfix them using Log4jHotPatch or Logout4shell, which are two open-source projects.
Your organization can also invest in Log4j detection and scanning tools to strengthen your protection against exploits.
Beware of Log4j Vulnerability
Hackers are becoming more innovative in their hacking techniques. They’ll exploit any vulnerabilities within a company’s network infrastructure to access sensitive information.
The Log4j vulnerability certainly puts more individuals and organizations at risk of experiencing cybersecurity incidents. Take time to strengthen your organization’s cyber resilience to keep hackers at bay.