The Log4j Zero Day Vulnerability: How To Protect Your Business

Log4j Vulnerability Zero Day Attack

We’ve been waiting for something to break through the doom and gloom news around the Omicron variant — but this wasn’t what we had in mind. The Log4j Zero-Day Vulnerability is a real threat to your organization’s cyber security. Here’s what you need to know.

What is Log4j?

Apache Log4j is an open source library of Java code used by other software to log activities and events on websites, servers, computers or other devices. This includes Google, Apple, LinkedIn, Twitter, Amazon and other tech titans.

The Log4j vulnerability is actually not one, but a set of four zero-day vulnerabilities. The number of vulnerabilities isn’t as important as their severity, and two of the Log4j cyber security risks are at the top of the charts, with a 10/10 and 9/10 Common Vulnerability Scoring System (CVSS) score. Well-known cybersecurity expert Amit Yoran, chief executive of network security firm Tenable and the founding director of the U.S. Computer Emergency Readiness Team (CERT), said: "The Apache Log4j Remote Code Execution Vulnerability is the single biggest, most critical vulnerability of the last decade."

Why is Log4j so dangerous?

The Log4j vulnerabilities allow an attacker to make a system run code of the attacker’s choosing, which is called remote code execution (RCE). Any publicly accessible system using an unpatched version of Log4j (websites, for example) is at high risk because threat actors could exfiltrate data and/or deploy malware. There are four factors that make the Log4j vulnerabilities especially dangerous:

  • It is (almost) everywhere. Log4j is used in a LOT of software and systems. W3Techs estimates that 31.5 percent of websites use Apache, and BuiltWith reports that more than 52 million sites use it. If most vulnerabilities are the equivalent of stepping into the shower, Log4j is a monsoon.
  • It’s not easy to tell if you have it. Never mind determining whether your Log4j vulnerability has been exploited: it’s not even easy to know whether you are using Log4j on your system at all. It’s packaged inside other components (bundled within application JAR and WAR files, for instance) and likely won’t show up on a list of specifications.
  • Your child could exploit this vulnerability. That’s not an exaggeration: it’s a simple cut and paste of code, and little to no technical knowledge is needed.
  • It requires no authentication. The logger can interpret text inside a log message (text that often comes straight from user input, such as a web request) as a reference to a URL from which malicious code is retrieved and executed, so the attacker never has to log in.
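The second point above (you may not know Log4j is on your systems because it is bundled inside other components) is the one a defender can act on immediately: inventory every archive on a host and report which ones carry Log4j core, what version it is, and whether the JNDI lookup class is still present. The script below is an added example written for this page, not code from Intrust IT or from the Apache Log4j project. It assumes Log4j core is identifiable by its `org/apache/logging/log4j/core/` package path and by the version recorded in its Maven `pom.properties` or JAR manifest, descends into nested archives (fat JARs, WARs, EARs), and treats `MIN_VERSION` as an assumed minimum acceptable version that you should set from your vendors’ guidance. The sample directory tree it scans is constructed inside the script so it runs offline.

```python
"""Added example: inventory scanner that finds bundled log4j-core and reports its version.

Not part of the original article. MIN_VERSION is an assumption; set it from vendor guidance.
"""
import io
import os
import re
import tempfile
import zipfile

LOG4J_CORE_PREFIX = "org/apache/logging/log4j/core/"
# The class that implements the JNDI lookup; its absence indicates the widely
# published stop-gap of deleting the class from the jar was applied.
JNDI_LOOKUP_ENTRY = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
MIN_VERSION = "2.17.1"  # assumed threshold; anything older is reported as outdated


def parse_version(text):
    """Turn '2.14.1' or '2.0-beta9' into a comparable tuple of ints (major, minor, patch)."""
    nums = re.findall(r"\d+", text.split("-")[0])
    return tuple(int(n) for n in nums[:3])


def _version_from_archive(zf):
    """Read the log4j-core version from pom.properties, falling back to the manifest."""
    names = zf.namelist()
    for name in names:
        if (name.startswith("META-INF/maven/org.apache.logging.log4j/log4j-core/")
                and name.endswith("pom.properties")):
            match = re.search(r"^version=(\S+)", zf.read(name).decode("utf-8", "replace"), re.M)
            if match:
                return match.group(1)
    if "META-INF/MANIFEST.MF" in names:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        # Only trust the manifest version if the manifest actually belongs to Log4j,
        # otherwise a fat jar's own manifest would be misread as the library version.
        if re.search(r"^Implementation-Title:.*Log4j", manifest, re.M | re.I):
            match = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
            if match:
                return match.group(1)
    return None


def _scan_archive(zf, location, findings):
    """Record a finding if this archive contains log4j-core, then recurse into nested archives."""
    names = zf.namelist()
    if any(n.startswith(LOG4J_CORE_PREFIX) for n in names):
        version = _version_from_archive(zf)
        findings.append({
            "location": location,
            "version": version,
            "has_jndi_lookup": JNDI_LOOKUP_ENTRY in names,
            # Unknown version is treated as outdated: it needs a human to look at it.
            "outdated": version is None or parse_version(version) < parse_version(MIN_VERSION),
        })
    for name in names:
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            _scan_archive(inner, f"{location}!{name}", findings)


def scan_tree(root):
    """Walk a directory tree and return one finding per embedded log4j-core copy."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            if filename.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, filename)
                try:
                    with zipfile.ZipFile(path) as zf:
                        _scan_archive(zf, path, findings)
                except zipfile.BadZipFile:
                    continue
    return findings


def make_log4j_core_jar(version, include_jndi=True):
    """Constructed fixture: a minimal jar shaped like log4j-core (class bodies are stubs)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n"
                    f"Implementation-Title: Apache Log4j Core\nImplementation-Version: {version}\n")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP_ENTRY, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def build_sample_tree(root):
    """Constructed fixture: an old jar, a stripped old jar, and a fat jar nesting a patched copy."""
    lib = os.path.join(root, "app", "lib")
    os.makedirs(lib, exist_ok=True)
    with open(os.path.join(lib, "log4j-core-2.14.1.jar"), "wb") as f:
        f.write(make_log4j_core_jar("2.14.1"))
    with open(os.path.join(lib, "log4j-core-2.14.1-stripped.jar"), "wb") as f:
        f.write(make_log4j_core_jar("2.14.1", include_jndi=False))
    fat = io.BytesIO()
    with zipfile.ZipFile(fat, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: com.example.App\n")
        zf.writestr("BOOT-INF/lib/log4j-core-2.17.1.jar", make_log4j_core_jar("2.17.1"))
    with open(os.path.join(root, "app", "app.jar"), "wb") as f:
        f.write(fat.getvalue())


def scan_sample_tree():
    """Build the constructed tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for finding in scan_sample_tree():
        status = "OUTDATED" if finding["outdated"] else "ok"
        jndi = "JndiLookup present" if finding["has_jndi_lookup"] else "JndiLookup removed"
        print(f"{status:8} {finding['version']!s:8} {jndi:20} {finding['location']}")
```

Run it against a real host by calling `scan_tree("/")` (or a narrower application root) instead of the constructed fixture. A finding whose version is below your threshold and still contains `JndiLookup.class` is the case to escalate first; a stripped jar is mitigated but should still be scheduled for an upgrade, and a finding with no recoverable version needs a human to identify it.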

What does the Log4j exploit do?

Because it allows for RCE, the code injected into your system can do pretty much anything the attacker wants it to. There have been reports of the vulnerability being used to load bitcoin mining software onto servers or even launch ransomware. Stay tuned and we will keep you posted on future developments.

Is my system at risk?

Assume it is. After all, with a vulnerability this widespread, chances are you have at least one product or service that uses an Apache Log4j library. Services using Java components are impacted (Java, not JavaScript — that’s a different animal). Exploits are less likely behind your firewall, but still possible. The bulk of the risk is for any services directly exposed to the internet.

Intrust clients don’t need to guess. We are proactively scanning your environment to find any Log4j instances or vulnerabilities. As we do with all cyber security risks, we’ll work with your leadership and our technical experts to determine the appropriate mitigation steps for each case.

Is the Intrust IT stack impacted?

The Intrust application stack is continuously monitored and patched. There is no current risk of Log4j vulnerabilities.

How can I protect my business?

The industry has been working around the clock to develop and release patches to eliminate Log4j vulnerabilities in their products and services. Many patches have been released and more are in progress. For an idea of the scope, check out this running list on github. The most important thing you can do for your business is to monitor for these releases and implement them as soon as they become available. 

It is also important to make sure you have a solid IT infrastructure and cyber security system in place to identify and mitigate any risks that arise. The Log4j vulnerabilities aren’t new; like most zero-day vulnerabilities, the flaw has been out there for years, unknown until someone recently found a way to exploit it.

Intrust IT customers with questions or concerns should contact their Client Success Manager or open a support ticket.

Not an Intrust client? Having the right IT partner can take these issues (and the worry that goes with them) off your plate. To learn about our managed IT and cyber security solutions, contact us or book a meeting.

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, Security+, Network+) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.
