A maximum severity rating was recently issued for an Apache Log4j vulnerability on December 10, 2021. The vulnerability allows cyber threat actors to use remote code execution on the servers of the open-source Java package used for logging applications. Log4j is widely used in consumer and enterprise services, websites, applications, and operational technology products to log security and performance information. An unauthenticated cyber threat actor could remotely exploit this vulnerability to take control of an affected system.
According to the CISA, immediate actions to protect against Log4j exploitation
- Discover all internet-facing assets that allow data inputs and use the Log4j Java library anywhere in the stack.
- Discover all assets that use the Log4j library.
- Update or isolate affected assets. Assume compromise, identify common post-exploit sources and activity, and hunt for signs of malicious activity.
- Monitor for odd traffic patterns (e.g., JDNI LDAP/RMI outbound traffic, DMZ systems initiating outbound connections).
Cyber threat actors are actively scanning and exploiting this vulnerability, with many security researchers noting an increased number of scans targeting internet-facing systems. It’s essential to identify, mitigate and patch any solutions that utilize affected versions of Log4j. Anyone who believes this vulnerability might impact them should review the guidance provided by the Apache Software Foundation or the CISA.
Talk to your trusted RCM&D advisor today for more on the Log4j vulnerability and tips on what’s next if you suspect your system has been exploited.