What Is The Log4j Takeover?
As a society, we see cyber entertainment as SciFi. In which case, it’s entertainment, so it is ScFi but there’s also more to it. Time goes on, technology advances, and what was once an idea for entertainment starts to feel real. The Log4j security flaw is one of the worst computer vulnerabilities to exist, it seems unreal. When the Department of Homeland Security sounds an alarm to agencies ordering to eliminate the Log4j bug, the issue becomes reality.
What is the Log4j security flaw that has the entire internet in a horrific shock? The Apache Software Foundation is an American nonprofit corporation that supports several open-source software projects. Its foundation is popular among commercial software developers. Log4j is an open-source Java logging framework part of the Apache Logging Services used on various applications from vendors across the world [1]. In other words, Apache is an extremely well known and credible company that hosts a Java software framework called Log4J.
The Importance of Log4j
What makes the Log4j software so important? It’s software that developers use to keep track of what happens in their software applications or online services [2]. Its functionality is to log the actions of an application so when an issue arises an IT team can troubleshoot. Now imagine this powerful tool being downloaded millions of times across the world. Log4j has now embarked the world as a beneficial tool organizations can use. That is until its vulnerability was revealed. It’s vulnerability revealed hackers were able to execute code remotely on a target computer allowing them to steal data, install malicious malware, or take control [3].
You think, “Ehh, we hear about things like this all the time”. Until you realize the companies that were affected. Software developers developing applications for companies such as but not limited to Adobe, Cisco, Linux, FortiNet, Okta, McAfee, Oracle, SonicWall, Sophos, TrendMicro, VMWare, and Amazon were infected. These companies host solutions such as software, networking, security, and data management. Businesses that buy services or solutions from these companies may have been infected. In the education services sector, Universities and Colleges across the world use adobe products. Students and Faculty use pdf fillable forms, adapt electronic signatures to sign forms, and use adobe creative cloud. Small businesses may use Oracle databases to host their data management infrastructure or CRM’s. Small businesses and Universities may have also been using the McAfee antivirus software. So, what does this mean to the everyday consumer and organizations?
What Does This Mean for the Average Consumer and Businesses
First, the importance of data protection. Data protection is essentially identity protection. Organizations collect information such as name, email, date of birth, SSN, address, usernames, and passwords. You could say, protecting your data is like protecting your virtual identity. Now that facial recognition has surfaced, protecting data is even more serious. The purpose of facial recognition is to authenticate you are real and to verify you are who you say you are. Information that is then gathered on the internet can be traced back to you. For example, Logging into a Microsoft 365 requires a username, password, and 2FA. Once you login, the app authenticates your login by using facial recognition. As we see in this scenario, all the collected data needs to be stored and protected in a database so that the application can approve your future logins. If a cyber-attacker were to hack into any database that contains such information, someone’s identity could be stolen. A shocking 81% of breaches leverage stolen or weak passwords. 31% of data breach victims later have their identity stolen. Generally, attackers will sell the stolen data they acquired on the dark web. According to researchers, online banking credentials cost an average of $35 on the dark web and credit card details including associated data range between $12 and $20 [4].
Average Consumer
For everyday consumers, Log4j is most likely part of your everyday devices and services you use online. The best thing you can currently do is make sure your devices and apps are up to date and continue to regularly update them. Especially over the next few weeks.
Business Organizations
For organizations, it may not be clear that your web servers, web applications, network devices and other software and hardware use Log4j [2]. You’ll need to identify which internet-facing devices have Log4J and respond to alerts related to these devices. Patching Log4j with a good firewall is simply not enough protection. You may need a complete evaluation of your internal IT infrastructure. You’ll be dealing with an exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1, known as “Log4Shell” [5]. CISA recommends affected entities [5]:
- Review Apache’s Log4j Security Vulnerabilities page for additional information and, if appropriate, apply the provided workaround
- Apply available patches immediately.
- Conduct a security review to determine if there is a security concern or compromise. The log files for any services using affected Log4j versions will contain user-controlled strings.
- Consider reporting compromises immediately to CISA and the FBI.
If you do not know where to start do not tackle this battle alone.
Start by opening the conversation. Business and IT leaders need to align their business processes and goals with it’s IT infrastructure. If there is bad communication between both business and IT actors, a company’s downfall is sure to follow. Both actors need to work together, bridge the gap, and align business visions with IT solutions. If you do not have the resources, an IT team, necessary software, etc. please seek for professional guidance.
At etopia technologies, we are experienced in solving software vulnerabilities such as Log4j, architecting IT infrastructure across all industries, data migrations, and networking and security. If you have any questions, would like an evaluation of your current IT infrastructure, or need help combating the Log4j flaw, we are here to help.
Defending identities, one network at a time.
Your Fellow Net Nerd,