4 things we can learn about Log4Shell vulnerability

Written by Edmundo LLopis | Dec 16, 2021

In recent days, the world has been on alert because of a new zero-day threat that allows Remote Code Execution (RCE). 

Vulnerability CVE-2021-44228 in the Apache Log4j library has been assigned a CVSS severity level 10 of 10. It enables unauthenticated remote code execution and leaves vulnerable numerous Java applications that use this library to log error messages around the planet.

 

Apache Log4j is part of the Apache Logging Project, a very popular library among Java developers for its ease of error logging. That's why many companies use it, including Red Hat, Apple iCloud, Amazon, Tesla and Twitter.

 

The easiest way to avoid the vulnerability is upgrading the log4j version to the updated version. The Apache Log4j Security Vulnerabilities page provides an analysis of different scenarios and  possible workarounds.

 

From that, we make some additional recommendations :

 

1.

Knowing your risk appetite and acting on this information in a timely manner is critical to ensure that your cyber protection resources are commensurate with your level of exposure and risk appetite.

 

Would you like some help with that? CyVent is currently offering a free report that provides a summary of your organization's security risk rating using RiskRecon’s cyber risk assessment technology.

It’s a quick and hassle-free report that’s part of one of the top third-party risk management platforms to manage your supply chain connections. No need to fill out questionnaires, invest staff time, or provide access. Request yours: https://resources.cyvent.com/en/free-risk-report 

 

2.

Make sure your systems are monitored 24/7. Even small businesses are constantly under attack.  If you don’t have a dedicated in-house cyber security team, our team of experts and partners is quick and talented. CyVent offers a comprehensive managed security service that covers endpoints, network, emails and training that is truly SaaS, without long term commitments or pre-payments. As soon as a new threat or vulnerability is identified, the service can take action to keep your company safe.

See more: https://resources.cyvent.com/corvid-cyber-defense

 

3.

Have an audit methodology for your systems. In a case like this, it is necessary to perform a complete scan of practically every system in a company. Having a methodology for documenting and correcting the findings is very helpful. This involves having a systems review order, including markings for cases where a Log4j was found, and also a log of all attempted attacks.

 

4.

It is a fact that there are very few tools to pre-empt zero-day vulnerabilities. What can really make a difference is rigorous process, thorough preparation, a well-trained employee population, an up-to-date security stack and a dedicated team committed to the safety of the company.

 

We are glad to know that all of our partners have done an exemplary job in handling this crisis with thorough follow-up and constant updates to help our customers get around the problem.

 

Who is that in the trenches by your side?
– And does it matter?
– More than the war itself.” 
Ernest Hemingway

 

________

Edmundo LLopis, CTO, Senior Advisor