Over the past week, you may have heard about a major cybersecurity vulnerability called Log4j that is impacting nearly all the internet, causing security teams across industries from financial institutions to government organizations to race against the clock to patch their systems before cybercriminals can attack. Read on to learn more about Log4j and how to best protect your organization.
What is Log4j?
Log4j, a java-based logging utility that is part of the Apache Software Foundation, is a piece of open-source logging software that allows developers to understand how their programs function. This tool helps programmers output log statements to a variety of output targets, which helps companies understand potential bugs or performance issues in their software.
What is the Log4j vulnerability?
On December 9th, 2021, the Log4j vulnerability, a zero-day vulnerability involving arbitrary code execution, was published by the Alibaba Cloud Security Team as “Log4Shell.” Log4j can be exploited, enabling internet-based attackers to take over computers, control systems, and networks of organizations running the program. While some patches have been released, applying them properly can take a large amount of time, effort, and money to make sure the patches are applied correctly and don’t cause any issues.
How can it be used by attackers?
The concern is that cybercriminals can exploit the flaw to take remote control of any unpatched system, effectively using it in any way they’d like. This would allow attackers the ability to steal user data and even take control of real-world infrastructure. So far researchers have observed cybercriminals using the vulnerability to install ransomware.
Which vendors are affected?
Vendors are swiftly investigating their applications for potential impacts from the Log4j vulnerability, including giants like Amazon and Adobe. Here’s a link to all vendors investigating the vulnerability.
What steps can I take?
The Cybersecurity and Infrastructure Agency (CISA) has urged companies to take three urgent steps to protect their organizations:
- First, determine if you utilize any affected products using the vendor list
- Second, if monitored by a security operations team, verify they are blocking all log4j compromised sites
- Third, follow vendor guidance when patches are available and take any remediation steps necessary
Also, CISA will be updating a webpage with guidance on the vulnerability that can be helpful moving forward.