The Apache Log4j logging library is a free Java tool that many programs use to log information. It was recently discovered to have a zero-day security vulnerability that is easy to exploit: an attacker who gets the library to log a specially crafted message can take over the entire host system. The vulnerability is tracked as CVE-2021-44228.
What does this mean?
Since Log4j is so commonly used, the vulnerability could cause widespread damage. Hackers can use it to take over devices and services that are running software like iCloud or Twitter.
Unfortunately, hackers had an entire week's head start on exploiting the vulnerability before it was publicly disclosed. Recent reports show that hackers are already targeting Windows users and attempting to install Khonsari ransomware and a remote access Trojan called Orcus.
"We are taking urgent action to drive mitigation of this vulnerability and detect any associated threat activity," said Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), in a statement. "To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between government and the private sector."
What should vendors do to protect themselves?
The Apache Software Foundation has already released a patch to fix the vulnerability, so it's crucial that people update their software. Organizations also need to search for malicious software that may have been installed before the vulnerability was discovered. CISA also recommends that organizations take the following three additional steps:
- Enumerate any external-facing devices that have log4j installed.
- Make sure that your security operations center is actioning every single alert on the devices that fall into the category above.
- Install a web application firewall (WAF) with rules that automatically update so that your SOC is able to concentrate on fewer alerts.
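
For the first step, an inventory has to look inside application archives, because Log4j is often bundled within a WAR or fat JAR rather than installed as a separate file. The following sketch is an added example, not code from CISA or Apache: it sweeps a directory for archives that contain the log4j-core `JndiLookup` class, including nested ones. The function names and the demo files are constructed for illustration, and it reports presence only, not whether a copy is patched.

```python
import io
import os
import tempfile
import zipfile

# Class file that implements the JNDI lookup inside log4j-core.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def scan_archive(fileobj, label, depth=0, max_depth=4):
    """Return labels of this archive and nested archives that bundle JndiLookup.class."""
    hits = []
    try:
        with zipfile.ZipFile(fileobj) as zf:
            names = zf.namelist()
            # Matches plain jars and repackaged layouts such as WEB-INF/classes/...
            if any(n == JNDI_CLASS or n.endswith("/" + JNDI_CLASS) for n in names):
                hits.append(label)
            for n in names:
                if depth < max_depth and n.lower().endswith(ARCHIVES):
                    inner = io.BytesIO(zf.read(n))
                    hits += scan_archive(inner, f"{label}!/{n}", depth + 1, max_depth)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # corrupt, unreadable or encrypted: keep earlier hits, continue the sweep
    return hits

def scan_tree(root):
    """Walk root and return every archive location that contains the class, sorted."""
    paths = [os.path.join(d, f) for d, _dirs, files in os.walk(root)
             for f in files if f.lower().endswith(ARCHIVES)]
    return sorted(hit for p in paths for hit in scan_archive(p, p))

def demo():
    """Constructed sample tree: a clean jar, a jar with the class, a WAR nesting that jar."""
    def jar(entries):  # build an in-memory archive from {name: bytes}
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, data in entries.items():
                zf.writestr(name, data)
        return buf.getvalue()
    core = jar({JNDI_CLASS: b"constructed placeholder, not a real class"})
    files = {"clean.jar": jar({"a/B.class": b""}), "core.jar": core,
             "app.war": jar({"WEB-INF/lib/core.jar": core})}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.relpath(h, root) for h in scan_tree(root)]
```

Calling `scan_tree` on an application or install directory lists each hit as `outer.war!/inner/path.jar`, which shows which deployed artifact has to be rebuilt or updated.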