Previously, we invited three technology experts to share their perspectives on the threats posed by not addressing the Log4j vulnerabilities.
Quick recap
Log4j is a logging library for Java: developers insert log statements into their code and use the resulting output to debug software throughout its development lifecycle. On 24 November 2021, a vulnerability in Log4j 2 was discovered, assigned the CVE ID CVE-2021-44228, and rated 10, the highest possible score under the Common Vulnerability Scoring System (CVSS).
In the article “What Security Leaders Need to Know — and Do — About the Log4j Vulnerability”, Gartner senior director analyst Jonathan Care commented that “if left unpatched, attackers could use this vulnerability to take over computer servers, applications and devices, and infiltrate enterprise networks. We are already seeing reports of malware, ransomware and other automated threats actively exploiting the vulnerability.
“The attack barrier for this vulnerability is extremely low — all it requires is an attacker typing a simple string into a chat window. The exploit is “pre-authentication,” which means an attacker does not need to sign into a vulnerable system to overcome it. In other words, expect that your web server is vulnerable,” he continued.
Protective measures
According to Care, cybersecurity leaders need to make identification and remediation of this vulnerability an absolute and immediate priority.
“Start with a detailed audit of every application, website and system within your domain of responsibility that is internet-connected or can be considered public-facing. This includes self-hosted installations of vendor products and cloud-based services. Pay particular attention to systems that contain sensitive operational data, such as customer details and access credentials,” he advised.
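One concrete starting point for the audit Care describes, given here as an added example that is not from the original article or from Gartner: a small Python inventory script that walks a directory tree, opens every jar/war/ear (including archives bundled inside them), reads the log4j-core version from its Maven metadata and reports whether the JndiLookup class is still present. The 2.15.0 cut-off and the JndiLookup/pom.properties paths are assumptions based on the published fix for CVE-2021-44228; make_sample_jar builds a constructed fixture so the script can be exercised offline.

```python
import io
import re
import zipfile
from pathlib import Path
# Class implementing the JNDI lookup abused by CVE-2021-44228, plus the Maven
# metadata log4j-core jars ship with (used to read the version).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_IN = (2, 15, 0)  # first release that closed CVE-2021-44228

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); None if unparsable."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    parts = [int(p) for p in m.group(0).split(".")] if m else []
    return tuple((parts + [0, 0, 0])[:3]) if parts else None

def inspect_jar(data, name="<bytes>"):
    """Inspect one archive given as bytes; recurses into nested jar/war/ear."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names or POM_PROPS in names:
            props = zf.read(POM_PROPS) if POM_PROPS in names else b""
            m = re.search(rb"^version=(.+)$", props, re.M)
            version = m.group(1).decode().strip() if m else None
            parsed = parse_version(version)
            findings.append({
                "path": name, "version": version,
                "has_jndi_lookup": JNDI_CLASS in names,
                # lookup class present and version < 2.15.0 (or unknown) => affected
                "affected": JNDI_CLASS in names and (parsed is None or parsed < FIXED_IN),
            })
        for entry in names:  # fat jars, WARs and EARs bundle their own copies
            if entry.lower().endswith((".jar", ".war", ".ear")):
                findings.extend(inspect_jar(zf.read(entry), f"{name}!{entry}"))
    return findings

def scan_tree(root):
    """Inspect every jar/war/ear below a directory, returning all findings."""
    return [f for p in Path(root).rglob("*") if p.suffix.lower() in (".jar", ".war", ".ear")
            for f in inspect_jar(p.read_bytes(), str(p))]

def make_sample_jar(version, include_jndi=True):
    """Constructed test fixture mimicking the layout of a log4j-core jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    return buf.getvalue()
```

Run scan_tree on each application host's deployment directory and review every finding whose affected field is True; a jar that reports 2.15.0 or later, or whose JndiLookup class has been removed, is listed but not flagged.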
Upon completion of the audit, attention should be turned to remote employees to ensure that they update their personal devices and routers, which form a vital link in the security chain.
“This will likely require a proactive, involved approach, as it is not sufficient to simply issue a list of instructions, given vulnerable routers provide a potential entry point into key enterprise applications and data repositories. You’ll need the support and cooperation of the broader IT team,” he stressed.
He cautioned that now is the time to invoke formal severe-incident response measures in line with organizational incident response plans.
“This incident merits involvement at all levels of the organization, including the CEO, CIO and board of directors. Ensure you have briefed senior leadership and that they are prepared to respond to questions publicly. This vulnerability and the attack patterns exploiting it are unlikely to subside for some time, so active vigilance will be important for at least the next 12 months,” he concluded.