Log4J Vulnerability Explained  

A flaw in widely used internet software known as Log4j has left many organizations searching for answers to precisely what the vulnerability is, how it will affect their business, and how to respond to this new and alarming cybersecurity threat. There’s a mass amount of information for organizations to sift through when searching for answers regarding Log4j/Log4Shell, so we’ve broken it down.

What is Log4j/Log4Shell?

Log4j is a popular open-source Java-based data logging tool widely used in many applications, websites, technology products, and services across the internet. Log4Shell (CVE-2021-44228) is a zero-day vulnerability that impacts systems using Log4j 2.0-beta9 up to 2.14.1.

It is reported that cyber attackers are targeting organizations that have vulnerable systems. If successful, it may allow them to perform remote code execution, implant malware, collect passwords, log keystrokes, exfiltrate sensitive data, place cryptocurrency miners, or deliver ransomware.

How Bad is Log4Shell?

The vulnerability scores the highest possible rating of 10.0 (Critical) on the CVSS scoring methodology. The attack complexity is low, does not require privileges or user interaction, and has high impact levels. Repeatedly dubbed one of the most significant known vulnerabilities, it is estimated to affect hundreds of millions of devices. However, the true extent of exposure to this vulnerability is unknown, as it may be deeply embedded in your technology stack due to dependencies.

Steps Organizations Should Take for Log4Shell

There are several steps an organization should take, but here are some key ones to start:

• Work to discover vulnerable applications. Run external and internal network vulnerability scanning to assist in identifying any of your assets that use Log4j.
• Check affected third-party and vendor products within the CISA Vendor Database and identify solutions that might impact you.
• Update affected assets to the most recent version of Log4j. Sign up for notifications and continue to monitor new update releases and recommendations.
• Version 2.15.0 was released on December 6th to address the remote code execution via CVE-2021-44228; however, new vulnerabilities were subsequently discovered.
• CVE-2021-45046 was addressed and patched on December 13th with version 2.16.0
• The most recent update, version 2.17.0 on December 17th, remedied another vulnerability, CVE-2021-45105.
• If patching is not possible, consider isolating affected assets and performing additional mitigation steps or workarounds. Learn more at CISA’s vulnerability guidance page.
• Fully update ALL apps and products promptly as patches are released.
• Closely monitor all network logs (endpoint, network, firewall, IPS, cloud, WAF) for suspicious activity, including suspicious outbound traffic and connections.
• Review your cybersecurity insurance coverage and incident response plan.

Be Prepared for Any Vulnerability

In a constantly evolving cyber landscape, there is always the possibility of a new vulnerability emerging. By incorporating sophisticated tools into a comprehensive cyber program, you can mitigate the risks. Here are tools from Defendify that can enable you to hunt and detect vulnerabilities within your network:

Network Vulnerability Scanner:  The scanner automatically searches your networks and systems for security vulnerabilities then provides detailed reports to help you understand what risks to consider and where security gaps are. It runs autonomously, leveraging artificial intelligence, machine learning, contextual prioritization, and advanced logic to maximize reach through the network and report regularly on any issues requiring remediation.

Threat Alert System: Stay informed about the latest cybersecurity threats, trending attacks, cyber incidents, and published vulnerabilities that could impact your business. This way, you can keep your employees and customers informed and take the necessary precautions to avoid falling prey to cybersecurity-related attacks.

Access the Vulnerability Scanner and Threat Alert Systems for free with our Cybersecurity Essentials Package

Breach Detection and Response: With our BDR module, organizations can get enhanced protection from emerging threats. The managed detection and response technology is always-on, working 24/7 to closely watch activity, analyze data and trends, identify anomalies, and counteract developing cyberattacks in real-time.

Ethical Hacking: Ethical Hacking (also known as Penetration Testing) is a safe and controlled method for uncovering more profound, company-wide security vulnerabilities that might get overlooked. It uses certified “white hat” hackers, techniques, and state-of-the-art tools to attempt to breach your networks and gain access to your systems and data.

Additional Log4Shell Resources

National Vulnerability Database Information
Fixes in versions of Apache Log4j 2
Center For Internet Security Log4j Zero-Day Vulnerability Response Guide (includes a helpful flow chart and incident response playbook)