Businesses and government agencies are continually under attack from cyber hackers seeking to steal and sell data, bring down critical infrastructure, or reap a major payday. These cyber attacks are becoming more frequent and more sophisticated, and businesses of all sizes are encouraged to take precautions to mitigate risk, especially at year-end when risk increases as organizations are less vigilant over the holidays.
The most recent Log4j vulnerability is a live example of how serious and impactful these threats are and will continue to be. This vulnerability is one of the worst ever seen. It is being followed and reported by Homeland Security, the FBI, and all major cybersecurity organizations. The Log4j vulnerability has received a risk score of 10 out of 10 from MITRE’s CVE program.
Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), has warned that the recently revealed Log4j vulnerability was “one of the most serious” she’s seen in her entire career, “if not the most serious”. “We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage,” Easterly explained.
To ensure organizations are safe from this flaw, a “sustained effort” will be needed, Gazlay added. “There’s no single action that fixes this issue,” he said, before noting that this is not a problem that’s going to disappear in a fortnight.
Besides patching up as soon as possible, companies should make sure all hands are on deck over the holidays.
According to the United States Cybersecurity & Infrastructure Security Agency (CISA), “Sophisticated threat actors, including nation-states and their proxies, have demonstrated capabilities to compromise networks and develop long-term persistence mechanisms. These actors have also demonstrated capability to leverage this access for targeted operations against critical infrastructure with potential to disrupt National Critical Functions.”
In a recent study we conducted with Filene to understand credit unions’ technology infrastructure and cybersecurity readiness, 93% of credit union CEOs, COOs, and VPs for IT reported that they are compliant with IT regulations, but fewer than half (49%) believe their IT is up to date.
This suggests overconfidence in regulatory compliance and overall security, particularly when running on legacy hardware. The infrastructure may be “street legal,” but it is not likely to serve the credit union well in fending off more sophisticated cyberattacks.
So, what can you do today and during the holiday season to strengthen your risk tolerance?
While there are many vendors who provide technology support and cybersecurity services that are critical to all businesses, the rapid evolution of technology and innovation to solve industry-specific challenges demands vendor partners with expertise in and knowledge of the industries they serve, in addition to the technology itself. As a managed IT CUSO, we’re committed to protecting credit unions and their members across the nation.
If your organization does not have the necessary resources to address the Log4j vulnerability, our team of professionals is here to help.
We can provide Log4j-specific assessments, which include using our Qualys vulnerability scanner to look for remnants of Log4j and providing a comprehensive report with suggested remediation.
For additional information and updates on the Log4j vulnerability, see the recommended resources below: