At this point, you’ve likely heard about the Apache Log4j vulnerability and the severity of the issue. With all of the buzz around the security flaw, you need to know what exactly the threat is and who it potentially affects.
The flaw allows hackers to compromise any system running Log4j that’s connected to the internet, putting networks and sensitive information at risk.
Let’s dive into the details of the Log4j vulnerability to give you additional insight and determine if your organization needs to take any action to protect against a cyberattack.
What’s the Potential Threat?
Many companies use Apache’s Log4j software library as log security and performance information for various supporting systems. There’s a flaw in the software that opens the opportunity for an attacker to take advantage of any system running Log4j and run code that can compromise the system and capture sensitive information and penetrate deeper into a network.
You can read more about the technical specifics here.
Who’s At Risk?
Firstly, you should not be at risk if you have proper cyber security best practices and protocols in place.
To be a target, your system running Log4j would also need to be exposed to the internet. If you’re not running Apache Log4j, or if you are and it isn’t exposed to the open internet, you have one more avenue to review before you’re in the clear.
Because Log4j is used by many companies for various supporting systems, if you have any business critical, third-party applications, you must verify with those vendors that they have reviewed their systems. They should provide you with proof that they don’t use Log4j or that they’ve remediated the problem through patching.
What You Should Do If You’re Affected
According to the Cybersecurity & Infrastructure Security Agency (CISA), Apache released Log4j version 2.15.0 in a security update to address this vulnerability, but the security update must be implemented by those maintaining the systems to remediate the affected versions of Log4j. If you’re a user of an affected system, you should refer to the system’s vendor for security updates.
Due to the severity of this flaw and the likely exploitation by hackers, CISA recommends vendors and users who are impacted take the following actions:
Vendors
- Immediately identify, mitigate and patch affected products using Log4j
- Inform your end users of products that contain this vulnerability and strongly urge them to prioritize software updates
Affected Organizations
- Take account of external-facing devices that have Log4j
- Ensure your security operations center’s (SOC) actions alert these devices
- Install a web applications firewall (WAF) with rules that automatically update
- Review CISA's upcoming GitHub repository for a list of affected vendor information and apply software updates as soon as they become available
For additional information on the threat and what actions vendors and affected organizations should take, you can visit CISA’s Apache Log4j Vulnerability Guidance webpage.
Additional Resources
You might be interested in the following resources from Gross Mendelsohn:
- Paying Ransom On a Ransomware Attack Is Illegal
- How to Protect Your Business From Ransomware
- 5-Minute Guide to Cyber Security
- What Business Owners Need to Know About Cyber Insurance
- Tips and Tricks for Cyber Security Awareness Month
- Schedule Your Free Cyber Security Assessment with Gross Mendelsohn
Need Help?
Our Technology Solutions Group includes a team of cyber security experts who are available for support should you have any questions regarding this threat. We’re happy to meet with you for a free cyber security assessment of your organization’s IT infrastructure. Or, you can contact us online or call 410.685.5512 with any questions.
