The post “What You Can Do to Protect Yourself from the New Log4j Security Vulnerability Release” appeared first on EideBailly.com.
In December, several security vulnerabilities were released related to the tool Log4j, an application used to log error messages in applications, most commonly related to Apache and Java.
What is the impact of Log4j?
Since Log4j is widely used across web applications and internet-facing devices, as well as on computers that utilize the Java framework, the impact could be devastating. The SANS Institute estimates that up to three billion devices are impacted by this vulnerability. Hundreds of thousands of attacks have taken place, and this vulnerability could be exploited for years to come. There is also a low barrier of entry for attackers, with a minimal skillset required to exploit it.
What Happens When an Attacker Exploits Log4j?
When an attacker exploits these vulnerabilities, they can utilize an organization’s publicly available websites and resources that run Log4j to execute code on systems remotely. Common activities that attackers will pursue with this exploit are denial of service attacks, which renders a website or resource unusable, or executing malware on systems that can:
- Give remote access of systems to attackers
- Collect or exfiltrate sensitive data
- Harvest system information and user credentials
- Install ransomware to encrypt sensitive data in exchange for money/crypto
- Install cryptominers (malware installed to utilize another system’s resources to mine cryptocurrency.) This action can limit the performance of systems and cause service interruptions.
How Do I Know if I’m Impacted by the Security Vulnerability?
The best place to start is by looking at your inventory of hardware and software. The Cybersecurity and Infrastructure Security Agency (CISA) is maintaining a repository of known impacted software and the mitigation steps required to remediate this vulnerability. If you utilize Apache or Java as a framework then you should consider running a vulnerability scanning tool to scan your assets to discover vulnerabilities.
If you are unsure of your assets, a vulnerability scan of your external network and applications will help determine what vulnerabilities exists, including the Log4j vulnerability. We recommend an external scan to identify your risks on a periodic basis.
What can I do to Mitigate the Situation?
Eide Bailly recommends the following steps to assist in mitigating the Log4j vulnerabilities:
- Utilize scanning tools to gain visibility of vulnerable assets
- Patch any vulnerable version so Log4j to the latest release
- Disable JNDI lookups if updates are not possible
- Implement strict rules on your firewall or other detection and response tools
- Monitor detection and response tools for indicators of compromise
The best way to stay on top of potential cyber-attacks is to regularly follow and implement cybersecurity best practices. These include:
- Asset inventory
- Access control and least privileged access
- Policies and procedues
- Third party vulnerability scanning and penetration tests
- Next Generation Antivirus and Endpoint Detection and Response (EDR)
- Incident Response Preparation and Table-top exercises
Learn more about cybersecurity best practices at EideBailly.com.