Several security vulnerabilities have been released related to the tool Log4j, CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105. og4j The vulnerability is an application used to log error messages in applications, most commonly related to Apache and Java.
Since Log4j is widely used across web applications and internet facing devices as well as on computers that utilize the Java framework, the impact could be devastating. The SANS Institute estimates that up to three billion devices are impacted by this vulnerability. To date, over 840,000 attacks have been launched at companies worldwide since last Friday. Reports indicate attacks are increasing at over 100 incidents per minute.
The Log4j vulnerabilities have been given multiple high severity ratings, ranging from the highest severity of 10 to 7.5 from the National Vulnerability Database’s Common Vulnerability Scoring System (CVSS). A CVSS rating of 10 indicates the vulnerability has proof of exploitation in the wild due to its low barrier of entry for attackers to exploit it. Low barrier of entry means that the skillset required to exploit this vulnerability is minimal, increasing the likelihood of exploitation.
When an attacker exploits these vulnerabilities, they can utilize an organization’s publicly available websites and resources that run Log4j to execute code on systems remotely. Common activities that attackers will pursue with this exploit are denial of service attacks, which renders a website or resource unusable, or executing malware on systems that can:
The best place to start is by looking at your inventory of hardware and software. The Cybersecurity and Infrastructure Security Agency (CISA) is maintaining a repository of known impacted software and the mitigation steps required to remediate this vulnerability. If you utilize Apache or Java as a framework then you should consider running a vulnerability scanning tool to scan your assets to discover vulnerabilities.
If you are unsure of your assets, a vulnerability scan of your external network and applications will help determine what vulnerabilities exists, including the Log4j vulnerability. We recommend an external scan to identify your risks on a periodic basis.
Top performing organizations create a culture of security.
Eide Bailly recommends the following steps to assist in mitigating the Log4j vulnerabilities:
The best way to stay on top of potential cyber-attacks is to regularly follow and implement cybersecurity best practices. These include:
The Log4j vulnerability poses a severe threat to organizations of all sizes. Proactive security measures are your best response.