Log4j is a widely used open-source Java logging library that developers use to record activity within their applications, and it is embedded in a vast range of software running on millions of servers around the globe. The Log4Shell vulnerability (CVE-2021-44228) in Log4j lets an attacker who can get a specially crafted string into a message the application logs execute code on the server. Attackers are exploiting it to take control of servers, trigger denial-of-service conditions, steal confidential information, and deploy ransomware, and they are actively scanning the internet for affected systems with tools that automatically attempt to exploit vulnerable servers.
Scott Nelson, Director of Cybersecurity for Cerium Networks, has been tracking the outbreak: “I am not sure I’ve seen a vulnerability so expansive as Log4j. Heartbleed was particularly challenging and affected the SSL engine used across the world. But Log4j has a larger blast radius, and the news keeps getting worse. Open-source software embedded in systems and software that could be weaponized by a single text string is concerning. Cisco, VMware, and AWS were all affected. Then Blumira discovered WebSockets could also be leveraged to attack; the expanse of exposure was immense. Vendors who had proudly proclaimed they weren’t affected suddenly had to declare their exposure to the vulnerability as well. Cisco’s Talos Threat Intelligence group had identified 69 indicators of compromise and security observables when they first introduced the threat. They have now identified over a thousand observables, and the list keeps growing. As we continue to wrestle with Log4j as an industry, it is critical that your defensive controls are adequate, well-tuned, and monitored. Patching will take time. And I fear, as we saw with Heartbleed, patching hygiene will not be uniform or timely.”
If you have concerns about Log4j, give us a call. Cerium can help you assess your exposure, evaluate emerging patches and mitigations, and offer solutions for addressing Log4j vulnerabilities.