Log4j Vulnerabilities: Are You Prepared?
A recently discovered vulnerability found in Apache software has system administrators and security pros around the world on edge. The vulnerability, announced on Dec. 9, is known as Log4 Shell. It’s a flaw in the system that could expose some of the world’s most popular apps and services to attack — both now and for years to come. Log4j is a Java library that is popular with consumers, with systems used to operate games like Minecraft, for example. To exploit the flaw, all an attacker needs to do is send a malicious code string that is later logged by the Log4j version 2.0 or higher. Alerts were soon issued around the world, with the U.S. Cybersecurity & Infrastructure Security Agency encouraging users and admin to “review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.”
Why Does It Matter?
The Log4j vulnerability could mean that hackers can access your computer system and install malware, steal user credentials, and worse.
How Widespread Is Log4j Shell?
The vulnerability is extremely widespread and can affect enterprise applications, embedded systems, and their sub-components, including Cisco Webex, Minecraft, and FileZilla FTP.
Are Hackers Exploiting It?
You bet. It appears that many hackers knew about Log4j more than a week before the flaw was publicly disclosed, and Microsoft has said that state-backed hackers from China, Iran, North Korea, and Turkey were already trying to exploit its flaws.
What Steps Should You Take to Protect Your Business?
Identification and remediation of this vulnerability should be an immediate priority, cybersecurity leaders say. Begin by auditing your applications, website, and system — anything that is connected to the internet or can be considered public-facing, with particular attention paid to systems that contain sensitive operational data such as customer details and access credentials. Also, pay attention to remote employees and ensure that they update their personal devices and routers. Don’t simply send out a list of instructions – be prepared to walk them through the steps to get this job done.