Home Business Log4j – A Vulnerability That Could Unravel You!

Log4j – A Vulnerability That Could Unravel You!

by George Mathews
308 views
Log4j is the latest in cyber attacks

If by now you are not familiar with the term Log4shell, then it is possible that you take your holidays seriously and have gone off the grid or you have seen this particular term trending but haven’t been affected enough to learn what it means and how it can disrupt your day to day. Log4shell is a critical vulnerability in the widely-used logging tool Log4j, which is used by millions of computers worldwide running online services

The Log4j vulnerability which many people are dubbing as the Log4Shell, can lead to great embarrassment for some pretty serious software players. Let’s start with understanding what is Log4Shell and what will be the fall out.

What is Log4j?

Modern software can be large, powerful, and complex. Rather than a single author writing all the code themselves as was common decades ago, modern software creation will have large teams, and that software is increasingly made out of ‘building blocks’ pulled together by the team rather than entirely written from scratch.A team is unlikely to spend weeks writing new code when they can use existing code immediately.

Log4j is one of the many building blocks that are used in the creation of modern software. It is used by many organizations to do a common but vital job. We call this a ‘software library’.

Log4j is used by developers to keep track of what happens in their software applications or online services. It’s basically a huge journal of the activity of a system or application. This activity is called ‘logging’ and it’s used by developers to keep an eye out for problems for users.

What is the issue?

Last week, a vulnerability was found in Log4j, an open-source logging library commonly used by apps and services across the internet. If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

Log4j is used worldwide across software applications and online services, and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.

Who is affected by Log4j

Almost all software will have some form of ability to log (for development, operational and security purposes), and Log4j is a very common component used for this.

For individuals, Log4j is almost certainly part of the devices and services you use online every day. The best thing you can do to protect yourself is make sure your devices and apps are as up to date as possible and continue to update them regularly, particularly over the next few weeks.

For organizations, it may not be immediately clear that your web servers, web applications, network devices and other software and hardware use Log4j. This makes it all the more critical for every organization to pay attention to our advice, and that of your software vendors, and make necessary mitigations.

Why Should We Care About Log4j

This vulnerability – according to Security Boulevard – is particularly concerning because of the massive use of Log4j among some of the most popular software applications delivered by companies like Apple, Microsoft, and, of course, MineCraft, who have already announced that they were impacted by Log4Shell.

In addition, due to the nature of modern software architecture, it is almost impossible to know if a certain application is impacted by this vulnerability or not. Cloud infrastructure is a dispersed infrastructure. Software applications are composed of micro services and other third-party components who in turn are composed of their own smaller third party components. Therefore, unless software development teams can gain full visibility into how their data flows to and through their dependencies they will never truly know if they are impacted by this vulnerability.

WHAT IF…

– I know we are using Log4j in applications developed in house?

Update to the latest version of Log4j (currently Log4j 2.17.0).

– I know Log4j is present in applications supplied by a third party?

Keep any such products updated to the latest version. More products may release patches over the next few days and weeks, and so organizations should make sure they’re checking for updates regularly.

– I don’t know if anything we use is using Log4j?

Ask your in-house developers and/or third-party suppliers. We have asked that developers of affected software communicate promptly with their customers to enable them to apply available mitigations or install updates. In turn, you should act promptly on any such communications from developers.

 What else can we do?

1. Check your systems for the use of Log4j

2. Check the list of vulnerable software

3. Contact software vendors

4. Set Web Application Firewall rules

5. Check for scanning activity

6. Check for exploitation

7. Subscribe to the MCMC Early Warning, if any

8. See the vulnerability alert for more technical detail on these steps.

 What if we have been compromised because of this vulnerability?

If you are a Malaysian organization compromised by this vulnerability, report to MCMC via their website. See the vulnerability alert for the kind of activity you should report.

Related Articles

We use cookies to improve user experience, and analyze website traffic. For these reasons, we may share your site usage data with our analytics partners. By clicking “Accept Cookies,” you consent to store on your device all the technologies described in our Cookie Policy. Accept Read More

ESPC on the go

FREE
VIEW