A vulnerability in an open-source logging library is compromising digital systems across the web. Log4j, a logging framework that keeps records of user activity within an application, contains a bug that can be easily exploited by hackers to take full control of vulnerable systems.

News of the vulnerability has been sweeping the media, as it’s been confirmed that a number of mainstream services have been affected. Whilst the bulk of remediation work is to be done by IT developers working behind the scenes, there are a few steps you can take to assess whether your business has been impacted, and subsequently protect your business from this latest vulnerability.

How does it work?

 

Log4j is developed by the open-source Apache Software Foundation and is a central Java-logging framework. The exploit begins when attackers send a string of malicious code to vulnerable systems, which is then eventually logged by Log4j (Ver 2.0 or higher). Subsequently, further code grants the attacker remote access to the entire system.

The vulnerability, described as “a design failure of catastrophic proportions”, affects a framework often used in enterprise systems and web applications. There are more than 6000 instances of the Log4j framework reported as “in use” on a repository shared by the NCSC.

A number of major service providers have been affected by the exploit; most notably Amazon Web Services, Cisco, ConnectWise and VMWare. Cisco and VMWare have released patches for affected products, with other affected providers such as IBM announcing they are ‘actively responding’ to the threat.

How can I protect my business?

 

Essentially, any device that uses the internet and is running Apache Log4j versions 2.0 to 2.14.1 is at risk, and device users must be hypervigilant in installing updates and following service advice. It’s been highlighted that over 40% of corporate networks have seen attempted breaches since the exploit was discovered.

The primary advice for businesses and users is to identify which devices are running Log4j, and update them to version 2.15.0, as this version remains unaffected. Furthermore, device users must follow the advice provided by individual vendors, and immediately apply patches as provided. To ensure infiltration has not been missed, business can implement protective network monitoring strategies – and set up alerts for probes or attacks against devices running Log4j.

Priority Actions

 

  • Install updates for where known Log4j usages are present.
  • Apply patches on release.
  • Discover unknown Log4j usages within your org.
  • Deploy protective network monitoring.

Act Now

 

As this vulnerability has been labelled a severe threat by security experts, it’s essential to act now and protect your business’ interests. By following the advice provided, you are minimising the risk of attack. However, if you are worried about your exposure to the vulnerability, chat with one of our IT experts today.