What is Log4j Vulnerability & How Can You Protect Your Business?

What is Log4j Vulnerability & How Can You Protect Your Business?

Last Updated:

The Log4j vulnerability has sounded the cyber-security alarms around the globe.

This is a part of the Apache Logging Services, a project of the Apache Software Foundation.

Log4J is used by companies like Google, Microsoft, and Apple and is a huge journal that provides a view of all past activities of an application.

On December 9, 2021, security experts discovered a remote code execution (RCE) vulnerability in Apache Log4j 2 software library, which is likely to affect 100 million instances worldwide.

This library is widely used for logging into various software and applications around the world.  

The vulnerability permits remote code execution by simply adding a specified string into a textbox and potentially gains access to LDAP.

CPR (Check Point Research) researchers discovered attacks exploiting this vulnerability, in more than 44% of corporate networks around the world.

The Common Vulnerability Scoring System (CVSS), scores this vulnerability as 10 out of 10 based on the potential impact this might have globally if exploited by attackers.

Hence it is posed as the biggest security threat.

The flaw was categorized as a zero-day vulnerability upon discovery, which means it was disclosed but is not yet patched.

In other words, developers have zero days left to release a patch before attackers start exploiting this flaw.

Why this Vulnerability is a Big Threat?

  • Attackers are attempting more than 100 times per minute to exploit the vulnerability.
  • According to Github, companies like Apple, Twitter, Cloudflare, Amazon, Tesla, and Google have been affected by this flaw.

How to Protect your Business?

Although Apache released a partial patch for the vulnerability on December 10th, affected and at-risk organizations around the globe need time for the proper implementation of this patch.

The issue is believed to be fixed with the latest version of the Log4j library and hence, all outdated versions must be updated as soon as possible.

You can refer to the Cyber Security and Infrastructure Security Agency (CISA) guidance to verify if your organization uses the Log4j software library.

If your organization uses this library, then to protect your business, you must abide or follow the below guidelines:

  • Update your Log4j software to the latest version.
  • Refer to the updated CISA guidelines to address the issue.
  • Ensure that your security operations center is addressing all alerts generated by affected devices.
  • The FTC Act may be violated if instances of this software are not identified and patched.
  • Distribute this information to any of your third-party vendors that provide products or services to customers.
  • Inform your end-users about these vulnerabilities, and urge them to immediately update your affected applications.

Conclusion:

Although an initial fix has been released, there is still more clarity needed to address the issue.

Tech giants around the globe are largely dependent on the Log4j software library and are working continuously to implement the patches.

While companies worldwide are acknowledging and responding to the issue, it can be resolved only when all the organizations that use the Log4j software library, implement the fix released by Apache before it expires.

By the time, you can follow these additional steps recommended by NCSC (National Cyber Security Centre) to stay on a safer side:

  • Check your systems for the use of Log4j
  • Check the list of vulnerable software(s)
  • Contact your software vendors
  • Set web application Firewall rules
  • Check for scanning activity
  • Check for exploitation

Here is the Log4j Remediation Case Study that we have implemented for one of our clients – Download Case Study