Articles

Vulnerability mitigation for Log4j January 2022

The Log4j vulnerabilities represent a complicated and concerning set of issues for organizations and management around the globe. International cyber security watchdogs say that organizations should continue to remain cognizant of risks associated with Log4J attacks, and should stay on high-alert for potential Log4j-based threats.

Key facts

Although the Log4j incident hasn’t resulted in the anticipated aftermath, threat actors may still be planning Log4j-based breaches. Organizations need to continue exploring whether vulnerable systems are embedded within larger systems or networks, and should continue to apply vulnerability mitigation measures where necessary.

For both financially motivated and state-backed threat actors, Log4j vulnerabilities are very appealing. Multiple threat actors have already started to exploit Log4Shell; primarily to launch ransomware attacks.

Recent Log4j events

Microsoft reports that unknown threat actors attempted to propagate Log4j attacks on an organization’s internal LDAP servers through the use of a SolarWinds Serv-U zero-day. Ultimately, poor attack planning and execution resulted in attack failure on the part of the hackers. Nonetheless, the specter of successful intrusions still lingers.

Previously, Redmond reported that nation-state supported cyber criminals targeted a major tech firm’s software with a new strain of ransomware, which is particularly problematic in light of the fact that the firm is part of the software supply chain.

The highest-risk sectors

According to the US Cybersecurity and Infrastructure Agency (CISA), all organizations remain at-risk on account of the Log4j vulnerabilities. However, the healthcare sector is arguably among the highest-risk sectors, and reports indicate that attackers are “actively leveraging vulnerabilities”. The potential disruption of health services could result in severe consequences.

Vulnerability mitigation

Google’s Open Source Insights Team reports that 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly. As a result, a resolution for the issue may take coordination across diverse groups and years of work.

As a business leader, you’ve likely taken nearly all possible steps to mitigate and patch Log4j vulnerabilities. You’ll want to pursue Log4j mitigation efforts by ensuring that your software is up-to-date.

IPS and SASE solutions

Leveraging a cloud-based intrusion prevention system, offered as a component of a SASE solution, renders all of your potentially vulnerable applications and users protected from the latest zero day vulnerabilities. A cloud-based IPS system also offers protection even if your IT and security teams haven’t yet made time to patch all servers, apps and agents.

Offloading patch management to a cloud-based IPS means that virtual patching protects vulnerable assets, which translates to reduced worry for security teams and organizational leaders.

The future

In addition to perfecting patch management, organizations need to maintain mitigation plans in the event of Log4j-like issues in the future. Whether the plan includes shutting down the vulnerable software or immediately patching and testing, cyber security personnel need to prepare to respond to software vulnerabilities decisively and effectively.

The Log4j episode serves as a wake-up call. Want more info about Log4j vulnerability mitigation? See the Log4j guide here.

Lastly, join us at CPX 360 2022, where you’ll find more in-depth and technical information pertaining to Log4j. Don’t miss exclusive Log4j Case Studies led by distinguished cyber security experts. Register now.

Back to top button