Log4j is an open source piece of code that is very popular in the development community. It is used by more than 12 million Java developers as they work to build millions of software applications that run core business functions in every conceivable industry.
Log4j is a fast, reliable and flexible logging framework which is written in java. It is an open-source logging API (Application Programing Interface) for java. What is logging? Simply, logging means some way to record the state of the system when it runs or is running. Logs are used to capture important data and make it available for analysis at any point in time.
The Log4j vulnerability is so dangerous because:
As CISA director Jen Easterly said, “Log4j is the biggest security crisis in the history of the internet.” Why is this true? There are three simple reasons: it’s ubiquitous, it’s severe, and it’s simple to exploit.
- Ubiquity: The vulnerable Log4j code is embedded in millions of software applications.
- Severity: The Log4j vulnerability is classified as a Remote Code Execution (RCE) flaw, making it the most dangerous type of software bug there is. RCE vulnerabilities allow a malicious actor to do whatever they want and execute any code of their choice on a remote machine over the internet.
- Simplicity: The Log4j vulnerability is remarkably simple to exploit, which, combined with its ubiquity and severity, make it a significant threat to organizations of all sizes and across all industries.
Check Point Security has said that it had seen attempts to exploit the vulnerability on over 40% of corporate networks globally.
How can organizations mitigate Log4j risk?
Due to the Log4j zero-day crisis, the world is now guaranteed to experience a significant increase in ransomware and cyber crime aimed at stealing sensitive data. Microsoft researchers report that they have seen hackers exploit the vulnerability to install crypto-miners, steal passwords and logins, and exfiltrate and ransom data. In light of this sobering reality, there are four steps that organizations can take to mitigate risks:
- Patch software and update hardware firmware
- Run anti-virus software
- Keep eyes open for signs of breach (Extended Detection & Response – XDR)
- Update network configuration and firewall rules (Web Application Firewalls – WAFs)
- Patch vulnerable libraries in production apps
- Encrypt sensitive data everywhere it moves to and rests