By now, most people have heard of the critical vulnerability in the popular Java-based library, Apache Log4j, discovered last December. Nicknamed Log4Shell, this remote code execution vulnerability can result in a complete remote system takeover. Since Log4j is broadly used in a variety of consumer and enterprise services and applications, the entire tech industry spent the tail end of 2021 trying to address the flaw to prevent hackers from exploiting it.
The Current State of Log4j
- The Apache Software Foundation (ASF) has released several patches to address the Log4Shell vulnerability and has urged organizations, developers, and IT administrators to patch their systems.
- Most IT vendors impacted by this vulnerability have been working on updating their affected products. As an end-user, you should have received emails from your software and application providers informing you of the steps they are taking to address this critical exploit.
- The Cybersecurity & Infrastructure Security Agency (CISA) has set up a dedicated page with instructions on how to mitigate the Log4j vulnerability. This page is being updated as new information is released. The majority of mitigation measures are the responsibility of IT vendors and IT administrators. End-users of the affected products and services should refer to their respective vendors for security updates. Visit CISA’s Apache Log4j Vulnerability Guidance page to learn more.
- According to cybersecurity firm Tenable, 30% of organizations haven’t begun assessing their environments for Log4Shell.
- On January 4th, the Federal Trade Commission (FTC) released a statement advising organizations to take action to mitigate the effects of the Log4j vulnerability. “It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action (…) The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.”
- Microsoft’s threat intelligence team has been tracking threats taking advantage of the Log4Shell vulnerability. At this time, the bulk of attacks have been related to mass scanning by attackers attempting to thumbprint vulnerable systems.
- On January 10th, Microsoft warned users of a China-based ransomware operator exploiting the Log4Shell vulnerability in internet-facing systems running VMware Horizon. The company’s investigation shows that successful intrusions led to the deployment of the NightSky ransomware.
Though the situation has improved immensely in the past 30 days, Log4j activity is expected to play out well into 2022. This means organizations and IT providers need to stay informed and remain vigilant.
Need help navigating the Log4Shell vulnerability? Send us a message and let’s talk–no strings attached. At Digital Industry we have been working hard to ensure that both our clients’ managed systems and the systems we use to serve them are well-protected from this serious exploit. If your vendors are not giving you a clear message regarding what they’re doing to address this vulnerability, we can work with you to ensure your systems are truly protected.