November 24, 2021. The security team at Alibaba Cloud discovers a critical vulnerability in the popular Java logging service Apache Log4j. They report it to Apache, which gets it pulled from GitHub. From there, the true extent of the vulnerability begins to take shape.
Tracked as CVE-2021-44228 and CVE-2021-45046, also known as Log4Shell, the Log4j vulnerability has sent the world's cyber security experts into a panic. But what is it, and should companies residing in the European Union care?
Let's take a look.
If your company currently operates Java-based applications using versions 2.0 through 2.15.0 of the Apache Foundation's Log4j logging library (which replaces the built-in log4j package), then this threat is highly relevant to your business.
What Log4Shell inadvertently enables is, essentially, the possibility of a remote takeover of your system. Attackers exploiting this issue are able to remotely execute specially crafted code to gain access to their target's system. They don't need login access, and it's not even particularly difficult.
This is also not solely a Windows problem
It's common for non-Windows users to believe they are safe from typical cyber threats, but that's not the case with Log4Shell. This is a vulnerability in a Java library, which is a cross-platform tool. Attackers can target users on any operating system that can run Java.
This is a wide-reaching problem. The Apache Foundation's logging package is in use by thousands of companies all over the world, and the vulnerability itself can be quite difficult to patch (depending on the environment). The European Union Agency for Cybersecurity (ENISA) is recommending that all EU organizations, especially those that fall under the Network and Information Security (NIS) Directive, assess their systems and take precautionary measures.
Even if you don't develop Java-based apps, it would be wise to perform an assessment
The thing is, your partners and vendors may be vulnerable to the exploit. The global supply chain these days is digital, and even if an affected company is on the other side of the world from yours, if their system and your system have any kind of connection, you're only as safe as they are.
If you're worried that your system could be compromised by this threat, there are a few steps you need to take immediately in order to reduce the likelihood of a breach.
This is a tricky type of vulnerability to defend against, as you won't necessarily know when another like it will appear - or where it will appear from. That said, there are a number of measures you can take over the coming months that will better place your organization to rapidly respond to future exploits and attacks. This will require some additional reading.
If your business has not already gone through a basic security architecture transformation, or the above checklist has revealed significant security risks, we recommend reading the following:
Need personalized help with a professional you can actually talk to? Contact us today to discuss your unique needs and what steps your organization must take to improve its security defensibility.