Apache Log4j2 library vulnerability
On Thursday, December 9, 2021, a zero-day exploit was made public in the popular Java logging library Log4j. The library is widely used to create and store log output from software, applications, hardware appliances, etc.
Impacted versions of Log4j are 2.0 – 2.14.1; the vulnerability is fixed in versions 2.15.0 and 2.16.0.
How big is the risk? This is a particularly dangerous vulnerability because it can be exploited remotely, requires no authentication, and can give an attacker full access to the server or device being attacked. Furthermore, it is trivial to exploit (a single line of input is enough), and proof-of-concept attacks are already published online.
This logging library is widely used and is found in a wide range of appliances and software, including Apache Struts, Tomcat and Solr, Linux distributions, and products from vendors such as Blackberry, Symantec, Apple, etc.
Who’s most affected?
Unfortunately, there is no specific type of organization that is more likely to be affected than another, and it is difficult for an individual business to tell whether it is vulnerable. For example, while a customer might not have the vulnerability in software they have written themselves, it is entirely possible that appliances and services they use (such as VPN devices, cloud providers, etc.) are affected.
What should you tell your clients?
Key questions to ask your clients:
- Are you aware of the recent log4j vulnerability aka CVE-2021-44228 or log4shell?
- Have you assessed your exposure to it for internally developed applications?
- Have you spoken to your hardware/software/cloud vendors and assessed whether their services are impacted?
- Do you have a plan to deploy updates from outcomes of the questions above?
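One concrete way to start the exposure assessment in the second question is to inventory the log4j-core JARs on a host and compare their recorded version against the 2.0 – 2.14.1 range named above. The script below is an added example, not code from BOXX or from the Log4j project; it assumes the JAR was built with Maven and therefore carries a pom.properties entry naming its version, and it builds its own constructed sample JARs in a temporary directory so it runs offline.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Maven-built log4j-core JARs record their own version at this path (real Maven convention).
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(version: str):
    """Return (major, minor, patch) from strings like '2.14.1' or '2.0-beta9'; None if unparseable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable_version(version: str) -> bool:
    """True for the 2.0 - 2.14.1 range given in the advisory; 2.15.0 and later are treated as fixed."""
    v = parse_version(version)
    if v is None:
        return False
    return (2, 0, 0) <= v <= (2, 14, 1)


def log4j_core_version(jar_path: Path):
    """Read the log4j-core version recorded inside a JAR, or None if the JAR does not carry one."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            if POM_PROPERTIES not in zf.namelist():
                return None
            for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    except zipfile.BadZipFile:
        return None
    return None


def scan_tree(root: Path):
    """Walk a directory tree and return (path, version) for every log4j-core JAR in the vulnerable range."""
    findings = []
    for jar in root.rglob("*.jar"):
        version = log4j_core_version(jar)
        if version is not None and is_vulnerable_version(version):
            findings.append((str(jar), version))
    return findings


def make_sample_jar(directory: Path, name: str, version: str) -> Path:
    """Constructed sample: a minimal JAR holding only the pom.properties entry (hypothetical, for the demo)."""
    path = directory / name
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(
            POM_PROPERTIES,
            f"version={version}\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n",
        )
    return path


def demo():
    """Build three constructed JARs in a temp dir and return the versions the scanner flags, sorted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_sample_jar(root, "app-old.jar", "2.14.1")        # in range: flagged
        make_sample_jar(root, "app-fixed.jar", "2.16.0")      # fixed release: not flagged
        (root / "lib").mkdir()
        make_sample_jar(root / "lib", "ancient.jar", "2.0-beta9")  # parses as 2.0: flagged
        return sorted(v for _, v in scan_tree(root))


if __name__ == "__main__":
    print(demo())
```

Run it as `python scan_log4j.py` after pointing `scan_tree` at a real application directory. Two caveats worth knowing before relying on it: it only recognises JARs that still carry the Maven pom.properties entry, so a log4j-core that was shaded into an application's own fat JAR under a different package, or nested inside a WAR or EAR, is not detected; and a clean result says nothing about the appliances and hosted services mentioned above, which can only be confirmed with the vendor.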
Useful resources (please note these are external links and are not endorsed or vetted by BOXX):
CCCS AV21-626 Apache Security Advisory
CERT United Kingdom – Alert: Active scanning for Apache Log4j 2 vulnerability (CVE-2021-44228)
CERT New Zealand – Log4j RCE 0-day actively exploited
Florian Roth – log4j RCE Exploitation Detection (Grep and YARA)
Greynoise IP List – CVE-2021-44228 Apache Log4j RCE Attempts
GitHub community resource identifying vulnerable applications