Background
On December 9, 2021, an exploit proof-of-concept was made publicly available for a vulnerability in open-source logging utility, Apache Log4j versions 2.14.1 and below. This exploit, CVE number 2021-44228, allows attackers to force vulnerable applications to remotely run arbitrary code without authentication, resulting in a complete compromise of the application and the system running the application.
Who is at most significant risk?
Because log4j is an open-source java-based logging utility, the potential impact is widespread across many industries and organizations. Businesses and accounting organizations that use programs containing the “log4j” application, such as Apache or SAP Business Objects, are at increased risk. Other high-risk industries include organizations using business reporting and analysis applications such as academic facilities, managed services providers, and financial services providers. Several cloud-based applications, including Steam, Apple iCloud, and Minecraft, have already identified vulnerabilities.
For its level of severity, Log4j scored a 10/10 CVE rating. Kivu expects to see an influx of incidents related to this vulnerability, particularly organizations without endpoint detection and response (EDR) solutions and using applications such as Apache framework services or any spring Boot Java-based framework.
What can you do to protect yourself now and in the future?
Implement endpoint detection and response solutions. If you aren’t currently using an endpoint detection and response (EDR) solution, investigate implementing an EDR tool as part of your 2022 cyber resilience plan. EDR solutions provide enhanced visibility into your network with real-time, 24/7 threat detection and monitoring.
Inventory your IT assets. Before an organization can respond to a vulnerability, they need to understand what part of their infrastructure is potentially impacted? Many networked devices that fall under IoT are not eligible for an EDR agent and are thus susceptible to vulnerabilities like Log4j.
Complete a vulnerability scan. While inventory asset tools like Kivu’s Rumble Asset Discovery software can scan and identify outdated and orphaned devices, a vulnerability scan identifies systems, devices, and applications for exposures that may leave you susceptible to threats. Conducting regular vulnerability scans is instrumental to assessing modern security risks and the insights needed to maintain a robust cybersecurity posture.
Keep patches up to date. Software updates are important because they include essential patches to security vulnerabilities and the latest bug fixes. This is a crucial step in maintaining proper cyber hygiene and mitigating the risk of threats.
Test and validate your security controls with tabletop exercises. Successful response plans are tested and practiced. Tabletop exercises leverage real world attack scenarios to ensure that roles and responsibilities are understood and that incident response plans hold up to the ever-changing hacker tactics.
It’s common for hackers to exploit newly discovered vulnerabilities to infiltrate organizations, spread havoc, steal data, and extort companies for large ransoms. As we close out 2021 and move into a new year, organizations must evaluate their overall cyber readiness and implement controls and resources known to mitigate the risk of cyber threats. Investing in resources to bolster your cyber hygiene will save you time and money in the future – when minutes, sometimes seconds, count.
Contact mmullins@kivuconsulting.com to learn more about asset management, endpoint detection and response, and Kivu’s suite of end-to-end cybersecurity services.
Comments