Global computer networks are facing cybersecurity threats due to a flaw in a widely used internet software known as Log4J. On December 9, 2021, a very serious vulnerability in the popular Java-based logging package was disclosed. According to security experts, the bug could enable devastating cyberattacks that range across international borders and economic sectors. Hundreds of millions of devices are at risk.
Log4j is used and located on many systems including Java logging systems and is used to record user activity and application behavior. With this framework being available and vulnerable to remote access by bad actors, hackers have the ability to remotely execute code on a target's computer. This means bad actors can steal customer and company data as well as install malicious malware or even completely take control.
How big is the Log4j vulnerability?
Both back-end and internet-facing systems are at risk of containing the flaw. Log4j is loaded into many different pieces of software and is widely used in business software development, making the extent of the tool's reach impossible to track. Many large-scale tech suppliers such as Apple and Amazon are facing risks, along with millions of smaller, individual companies alike.
What is being done to fix this?
On December 11th, 2021, CISA Director Jen Easter released a statement on the Log4j vulnerability stating that, "this vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use. End users will be reliant on their vendors, and the vendor community must immediately identify, mitigate, and patch the wide array of products using this software. Vendors should also be communicating with their customers to ensure end users know that their product contains this vulnerability and should prioritize software updates."
CISA is recommending Owners take additional steps in regard to this vulnerability including:
1. Enumerate any external facing devices that have log4j installed.
2. Make sure that your security operations center is actioning every single alert on the devices that fall into the category above.
3. Install a web application firewall (WAF) with rules that automatically update so that your SOC can concentrate on fewer alerts.
Please use this source as a way to track updates for this vulnerability.