What You Should Know About the Log4j Security Issues Impacting Millions of People
It seems you can’t open your browser anymore without seeing a headline about a major new security vulnerability. The threat landscape continues to get more complicated. This is both due to the pace of technology advancements that can cause software developers to miss security flaws, and the fact that large criminal organizations continue to optimize attack delivery.
This continuing evolution also includes network security, which needs to evolve to keep up with more sophisticated threats.
The latest vulnerability in the news has to do with Apache’s Log4J. This is a code that many cloud service and app providers use within the structure of their code. For example, some of the services/apps that use Log4J are:
- Apple’s cloud computing service
- Microsoft Azure
- Oracle, Red Hat, VMware
- And many others
What Does Vulnerability Mean?
When we talk about code and software vulnerability it means that there is a mistake or “loophole” in the code that allows a hacker to exploit it to gain access to a system. The type of access they gain can vary according to the vulnerability.
When a criminal hacking group finds a vulnerability like the one in Log4J, they will often write several exploits that take advantage of it. An exploit would be malicious code designed to use that vulnerability to gain some type of system access.
This access could be the ability to send commands to a device or the ability to see data that a device holds. There can be multiple exploits written that take advantage of one code vulnerability.
What is Log4J & Why Is It Dangerous?
Log4J was developed by Apache and is a Java-based logging utility that is used widley in enterprise and consumer services, apps, and websites. Without getting too much in the weeds of technical jargon, a logging utility is a specific type of tool that allows programmers to keep track of log files. Log files are messages of events that happen in a computer system (including in the operating system and other software).
Because logging is one of those core functions in many different services and programs, a code vulnerability in the tool that does the logging has far-reaching consequences for system security.
If using a cloud service that has developed their platform using the Apache Log4J utility, your computer or mobile device could be at risk of a breach.
What Kind of Things Can Happen from Exploiting Log4J?
You can review the Apache Log4J Vulnerability Guidance page to see a full list of resources and recommenations related to this vulnerability. We’ll include some of the most dangerous types of things that hackers can do when exploiting the Log4J vulnerability.
Remote Code Execution (Critical Severity)
At the top of the severity level is the ability to remotely execute code. This can allow a hacker to take over a device and run other types of attacks. For example, they could run code that plants ransomware or malware using this exploit. Or create another administrative user for the device and gain full access to all your data.
Denial of Service (High Severity)
A distributed denial of service (DDoS) attack is the act of flooding a service or site with so much traffic that it becomes overwhelmed and can no longer operate. DDoS attacks are common against websites and cloud services.
Improper Validation of Certificate (Low Severity)
Lower on the severity scale, but still dangerous is the ability to impact certificate validation. This could allow a hacker to gain access to unprotected data being sent through log messages.
What Should We Do About This Vulnerability?
Upate All Devices
Many software developers and cloud services providers, and Apache itself, have issued patches to address the code vulnerability. But it’s up to users to apply those patches, which will come in the form of a software update.
Make sure all devices, including those used by remote employees, have all updates applied.
Monitor Your Network & Cloud Applications
It’s important to have ongoing monitoring in place that can alert you to any anomalies in data traffic or access patterns. Be sure to watch for any potential breaches or irregular logins to any of your internet-facing systems.
Reach Out to Impacted Vendors You Use for Guidance
You can find a list here of vendors impacted by the Log4J vulnerability. Review the list to see if there are any vendors that you use included. If so, reach out to them for specific guidance on any updates that need to be made to secure your use of their platform.
Automate Your Security Updates to Improve Protection
Automating your security patch and update installation on all devices significantly reduces your risk of a breach. AhelioTech can help your Columbus area business with tailored managed services solutions to fit your business needs.
Contact us today for a free quote. Call 614-333-0000 or reach out online.