The Log4j Zero Day Vulnerability: How To Protect Your Business

Log4j Vulnerability Zero Day Attack

We’ve been waiting for something to break through the doom and gloom news around the Omicron variant – but this wasn’t what we had in mind. The Log4j Zero-Day Vulnerability is a real threat to your organization’s cyber security. Here’s what you need to know.

What is Log4j?

Apache Log4j is an open source library of Java code used by other software to log activities and events on websites, servers, computers or other devices. This includes Google, Apple, LinkedIn, Twitter, Amazon and other tech titans.

The Log4j vulnerability is actually not one, but a set of four zero-day vulnerabilities. The number of vulnerabilities isn’t as important as their severity and two of the Log4j cyber security risks are at the top of the charts, with a 10/10 and 9/10 Common Vulnerability Scoring System (CVSS) score.  Well-known cybersecurity expert Amit Yoran, chief executive of network security firm Tenable and the founding director of the U.S. Computer Emergency Readiness Team  (CERT), said: “The Apache Log4j Remote Code Execution Vulnerability is the single biggest, most critical vulnerability of the last decade.”

Why is Log4j so dangerous?

The Log4j vulnerabilities allow an attacker to inject malicious code into a system, which is called remote code execution (RCE).  Any publicly accessible system using an unpatched version of Log4j (websites for example) is at high risk because threat actors could exfiltrate data and/or deploy malware. There are four factors that make the Log4j vulnerabilities especially dangerous:

  • It is (almost) everywhere. Log4j is used in a LOT of software and systems. W3Techs estimates that 31.5 percent of websites use Apache, and BuiltWith reports that more than 52 million sites use it. If most vulnerabilities are the equivalent of stepping into the shower, Log4j is a monsoon.
  • It’s not easy to tell if you have it. Forget about determining whether your Log4j  vulnerability has been exploited, it’s not even easy to know if you are using Log4j on your system. It’s packaged inside other components and likely won’t show up on a list of specifications.
  • Your child could exploit this vulnerability. That’s not an exaggeration – it’s a simple cut and paste of code, little to no technical knowledge is needed.
  • It bypasses authentication. The logger can interpret a text-based log message as a URL from which malicious code can be retrieved and executed.

What does the Log4j exploit do?

Because it allows for RCE, the code injected into your system can do pretty much anything the attacker wants it to. There have been reports of the vulnerability being used to load bitcoin mining software onto servers or even launch ransomware. Stay tuned and we will keep you posted on future developments.

Is my system at risk?

Assume it is. After all, with a vulnerability this widespread, chances are you have at least one product or service that uses an Apache Log4j library. Services using Java components are impacted (Java, not JavaScript – that’s a different animal). Exploits are less likely behind your firewall, but still possible. The bulk of the risk is for any services directly exposed to the internet 

Intrust clients don’t need to guess. We are proactively scanning your environment to find any Log4j instances or vulnerabilities. As we do with all cyber security risks, we’ll work with your leadership and our technical experts to determine the appropriate mitigation steps for each case.

Is the Intrust IT stack impacted?

The Intrust application stack is continuously monitored and patched. There is no current risk of Log4j vulnerabilities.

How can I protect my business?

The industry has been working around the clock to develop and release patches to eliminate Log4j vulnerabilities in their products and services. Many patches have been released and more are in progress. For an idea of the scope, check out this running list on github. The most important thing you can do for your business is to monitor for these releases and implement them as soon as they become available. 

It is also important to make sure you have a solid IT infrastructure and cyber security system in place to identify and mitigate any risks that arise. The Log4j vulnerabilities aren’t new – it’s just that someone recently found a way to exploit them. Like most zero-day vulnerabilities, it’s been out there for years – unknown until someone found a way to exploit it.

Intrust IT customers with questions or concerns should contact their Client Success Manager or open a support ticket

Not an Intrust client? Having the right IT partner can take these issues (and the worry that goes with them) off your plate. To learn about our managed IT and cyber security solutions, contact us or book a meeting

Posted in
Dave Hatter

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Securing Our Cities Cybersecurity Protection for Local Governments - Intrust IT

Securing Our Cities: Cybersecurity Protection for Local Governments

As a city or municipality manager, you understand that the security of your community extends far beyond physical borders. With...
Manufacturing and IoT Securing Connected Devices

Manufacturing and IoT: Securing Connected Devices

You're the operations manager of a cutting-edge manufacturing facility, overseeing a production floor buzzing with activity. Your team relies on...
Small Business Cyber Security Toolkit

Small Business Cyber Security Toolkit: The Tools You Need to Stay Protected

With great power comes great responsibility, especially when it comes to running a business and protecting your digital assets. As...

Business Continuity Plan Template for Municipalities

Municipalities are facing increasing cyber attacks.  With cybercrime rates soaring and municipalities ranking as prime targets, the need for robust...
Cybersecurity Strategies for Municipalities 8 Expert Tips - Intrust IT

Cybersecurity Strategies for Municipalities: 8 Expert Tips

Municipalities tasked with safeguarding sensitive data and critical infrastructure are increasingly the targets of cyberattacks. Municipalities often handle a vast...
Business Continuity Guide for City Managers - Intrust IT

Business Continuity Guide for City Officials

The resilience of a city's operations hinges on its ability to effectively weather unforeseen challenges. From natural disasters to cyber...