What You Can Do to Protect Yourself from the New Log4j Security Vulnerability Release

What Log4j is and Its Potential Impact

Several security vulnerabilities have been released related to the tool Log4j: CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105. Log4j is a tool used to log error messages in applications, most commonly related to Apache and Java.

What is the Impact of Log4j?

Since Log4j is widely used across web applications and internet-facing devices, as well as on computers that utilize the Java framework, the impact could be devastating. The SANS Institute estimates that up to three billion devices are impacted by this vulnerability. To date, over 840,000 attacks have been launched at companies worldwide since last Friday. Reports indicate attacks are increasing at over 100 incidents per minute.

The Log4j vulnerabilities have been given multiple high severity ratings, ranging from the highest severity of 10 to 7.5 from the National Vulnerability Database’s Common Vulnerability Scoring System (CVSS). A CVSS rating of 10 indicates the vulnerability has proof of exploitation in the wild due to its low barrier of entry for attackers to exploit it. Low barrier of entry means that the skillset required to exploit this vulnerability is minimal, increasing the likelihood of exploitation.

What Happens When an Attacker Exploits Log4j?

When an attacker exploits these vulnerabilities, they can utilize an organization’s publicly available websites and resources that run Log4j to execute code on systems remotely. Common activities that attackers will pursue with this exploit are denial of service attacks, which render a website or resource unusable, or executing malware on systems that can:

  • Give remote access of systems to attackers
  • Collect or exfiltrate sensitive data
  • Harvest system information and user credentials
  • Install ransomware to encrypt sensitive data in exchange for money/crypto
  • Install cryptominers (malware installed to utilize another system’s resources to mine cryptocurrency). This action can limit the performance of systems and cause service interruptions.

How Do I Know if I’m Impacted by the Security Vulnerability?

The best place to start is by looking at your inventory of hardware and software. The Cybersecurity and Infrastructure Security Agency (CISA) is maintaining a repository of known impacted software and the mitigation steps required to remediate this vulnerability. If you utilize Apache or Java as a framework then you should consider running a vulnerability scanning tool to scan your assets to discover vulnerabilities.

If you are unsure of your assets, a vulnerability scan of your external network and applications will help determine what vulnerabilities exist, including the Log4j vulnerability. We recommend an external scan to identify your risks on a periodic basis.

What Can I Do to Mitigate the Situation?

Eide Bailly recommends the following steps to assist in mitigating the Log4j vulnerabilities:

  • Utilize scanning tools to gain visibility of vulnerable assets
  • Patch any vulnerable versions of Log4j to the latest release, currently 2.17.0
  • Disable JNDI lookups if updates are not possible
  • Implement strict rules on your firewall or other detection and response tools
  • Monitor detection and response tools for indicators of compromise
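
The first three steps can be checked per archive. The following is an added example, not Eide Bailly's or Apache's code: Python that opens a JAR in memory, descends into nested archives (fat JARs), and reports each log4j-core copy as patched, below 2.17.0, or below 2.17.0 with the JndiLookup class removed. Assumptions: the Maven `pom.properties` path and the `JndiLookup.class` path inside log4j-core, that removing that class is how JNDI lookups were disabled, and the status names; `make_jar` builds constructed samples, not real Log4j JARs.

```python
import io
import re
import zipfile

# Entry names inside a log4j-core JAR (assumed: standard Maven artifact layout).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIXED = (2, 17, 0)  # the release the article names as current

def parse_version(text):
    """Return (major, minor, patch) from pom.properties text, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label, depth=0):
    """Return [(path, status)] for every log4j-core copy, including nested JARs."""
    findings = []
    try:
        jar = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(label, "unreadable")]
    with jar:
        names = set(jar.namelist())
        if POM_PROPS in names:
            version = parse_version(jar.read(POM_PROPS).decode("utf-8", "replace"))
            if version is None:
                status = "unknown-version"
            elif version >= FIXED:
                status = "patched"
            else:
                status = "outdated" if JNDI_CLASS in names else "outdated-jndi-removed"
            findings.append((label, status))
        for name in sorted(names):  # recurse into bundled archives, bounded depth
            if depth < 3 and name.lower().endswith((".jar", ".war", ".ear")):
                findings += scan_archive(jar.read(name), f"{label}!/{name}", depth + 1)
    return findings

def make_jar(version, with_jndi=True, extra=None):
    """Build a constructed sample archive in memory (not a real Log4j JAR)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if version:
            z.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nversion={version}\n")
            if with_jndi:
                z.writestr(JNDI_CLASS, b"")
        for name, blob in (extra or {}).items():
            z.writestr(name, blob)
    return buf.getvalue()
```

Versions are compared only against 2.17.0, the release the article names, so any lower version string is reported as outdated. To scan real files, pass each file's bytes and path to `scan_archive`.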

The best way to stay on top of potential cyber-attacks is to regularly follow and implement cybersecurity best practices. These include:

  • Asset inventory
  • Access control and least privileged access
  • Policies and procedures
  • Third party vulnerability scanning and penetration tests
  • Next Generation Antivirus and Endpoint Detection and Response (EDR)
  • Incident Response Preparation and Table-top exercises

The Log4j vulnerability poses a severe threat to organizations of all sizes. Proactive security measures are your best response.
