You may have recently heard a lot of news reports about the Log4j vulnerability. It’s important to understand exactly what it is and what you need to be doing right now to protect your business. Let’s start with what Log4j is and how it’s used today.
What is Log4j?
Apache Log4j is one of the most popular logging utilities used across the Internet today. It’s a foundational framework that enables developers to track online activity for troubleshooting, auditing, and data tracking purposes. Because it’s an open source, free library, it touches almost every part of the Internet in some form or fashion. That means that even though you may not directly use Log4j, the vulnerability still can impact your business.
What is the Log4j Vulnerability?
A flaw was recently detected in the Log4j library that allows bad actors to execute code to a remote server with the intention of stealing data or inserting malware. It is difficult to detect, and a high percentage of businesses and other entities around the world are vulnerable to it without even realizing it.
Related video: CBS Mornings discusses the Log4j vulnerability with the head of security at CrowdStrike
According to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), the Log4j vulnerability is “incredibly dangerous to everybody’s business, everybody’s networks, [and] everybody’s system.” She recommends that everyone should assume they are exposed and vulnerable until they can confirm otherwise.
Although the defect was made public in early December 2021, the introduction of this “backdoor” into the open source dates back to 2013. According to CNBC, the Department of Homeland Security is investigating the origin of this serious flaw.
In the meantime, the “how” the Log4j vulnerability got introduced several years ago is not as important as the “what” we all should be doing about it today.
What Every Business Needs to Do Right Now.
Depending on your business environment, you may be using software that uses the Log4j vulnerable library. You can find a comprehensive list of affected vendor and software here.
If you see a vendor or software you use on the CISA compiled list, we encourage you to follow the U.S. Cybersecurity & Infrastructure Security Agency (CISA) actions:
- Discover all internet-facing assets that allow data inputs and use Log4j Java library anywhere in the stack.
- Discover all assets that use the Log4j library.
- Update or isolate affected assets. Assume compromise, identify common post-exploit sources and activity, and hunt for signs of malicious activity.
- Monitor for odd traffic patterns (e.g., JNDI LDAP/RMI outbound traffic, DMZ systems initiating outbound connections).
How is it fixed?
Addressing the Log4j vulnerability is a highly technical fix. Your business may want to work with internal or third-party technical resources potentially including your web host and/or your web developer if you host a website.
If Log4j is utilized anywhere in software, it must be updated to the most recent version. More detailed information is available at many sources including the CISA Apache Log4j Vulnerability Guidance page.
Secondly, conduct a security review to determine if there is a security concern or compromise. The log files for any services using affected Log4j versions will contain user-controlled strings.
Lastly, consider reporting compromises immediately to CISA and the FBI.
Additional Proactive Measures to Protect Your Business:
- Prioritize software updates for your computers, servers, and devices.
- For any software applications used (local or cloud), look for the vendor’s log4j information page (search for the vendor’s name + log4j) or go to their webpage. Look to understand what they’re doing about the Log4j vulnerability and if a patch is available for your version.
- Work with vendors that provide any type of technical service to your business.
Security Best Practices for Your Business
The wide-spread impact of the Log4j vulnerability is a loud reminder that security needs to remain front and center of all businesses. A breach is costly to your bottom line and greatly damages the trust your customers have placed in you. Your financial hit may recover but rebuilding customer trust and your business reputation can take much longer. Here are seven cybersecurity best practices that all businesses should engage to enhance their protection.
Security is a big deal – particularly since cybercrime is up 600% as a result of the pandemic. If you have questions regarding your Log4j vulnerability or how to keep your business protected, I’m happy to talk to you. Please contact me at consulting@windriverfinancial.com.