Matter & Substance
  December 14, 2021

How to Protect Yourself Against the Apache Log4j Logging Library Exploit

Late last week, a new vulnerability was identified which affects the Java logging library Apache log4j.
In a statement from December 10, the Cybersecurity & Infrastructure Security Agency said:
“…A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services.
CISA encourages users and administrators to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.”

What is Log4j?

Log4j is an open-source Apache logging framework widely used by developers to keep a record of activity within an application. The software is used by both enterprise applications and cloud-based services, including companies like Amazon and Apple.

A newly disclosed flaw in Log4j is being actively exploited, allowing attackers to load Java code onto a server and take control of it. Apache has rated the vulnerability at “critical” severity. Security responders are currently scrambling to get things under control while attackers actively scan the internet for affected systems. You need to act quickly to protect your data.

How should I respond to this vulnerability if my organization uses Log4j?

Ahead of the December 13 critical infrastructure call, the Cybersecurity & Infrastructure Security Agency offered vulnerability mitigation guidance for organizations running products with Log4j as follows:

  1. Review the latest CISA current activity alert and upgrade to Log4j version 2.15.0, or apply the appropriate vendor-recommended mitigations immediately.

  2. Enumerate any external-facing devices that have Log4j installed.

  3. Make sure that your security operations center is actioning every single alert on the devices that fall into the category above.

  4. Install a web application firewall (WAF) with rules that automatically update so that your SOC is able to concentrate on fewer alerts.

How is Xamin handling the Log4j vulnerability?

Xamin was made aware of this vulnerability via our vendor security feeds and conducted a review of internal systems to ensure no compromise had occurred.

At this time, we have not observed any anomalous events that would indicate Xamin systems have been compromised in any way. As the situation continues to unfold, we remain diligent in our security posture to ensure that Xamin and its customers are in no way affected by this event.

Along with CISA’s guidelines, we also recommend you protect your organization by taking the following steps:

  • Utilize log, endpoint, and network analysis to detect any exploitation of existing systems. Scanning for vulnerable Log4j servers is vital. If any evidence of post-exploitation activity is found, Incident Response (IR) procedures should begin immediately to detect, contain, and recover any data that has been compromised through this vulnerability.

  • Contact all critical vendors for a statement on their Log4j response. This is a wide-ranging attack that affects many different types of vendors, which means even non-technical or software vendors should be issuing a response. If they have yet to issue a response, you should contact them to ensure proper steps are being taken.

  • Update Intrusion Prevention Systems (IPS) rulesets and reach out to your IPS vendor(s) to ensure their software is not itself affected by the vulnerability. This will not remove the vulnerability, but it will detect and log exploitation attempts.
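Both CISA's second step (enumerate the devices that have Log4j installed) and the scanning recommendation above come down to the same inventory question: which hosts carry a log4j-core jar, and at what version? The script below is an added example, not part of the original post and not Xamin's tooling. It walks a directory tree, finds jars named in the conventional `log4j-core-<version>.jar` form (loose on disk or bundled one level inside a .war/.ear/.jar, which is how web applications and fat jars ship their libraries), reads the version from the jar's own MANIFEST.MF when present, and flags anything below 2.15.0, the fixed release named in the CISA announcement. The sample tree it builds in a temporary directory is constructed for the demo; the jars it creates contain only a manifest and are not real Log4j builds.

```python
"""Inventory log4j-core jars under a directory and flag versions below 2.15.0.

Added example (not from the original post). Assumes the conventional
log4j-core-<version>.jar naming and an Implementation-Version header in
META-INF/MANIFEST.MF, as the official Apache builds carry. Read-only.
"""
import io
import os
import re
import tempfile
import zipfile

# Fixed release named in the CISA announcement; raise it as vendor guidance updates.
FIXED_VERSION = (2, 15, 0)
JAR_NAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)\.jar$")
CONTAINER_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); short strings are padded so '2.15' == (2, 15, 0)."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_fixed(version):
    """True when the version is at or above FIXED_VERSION."""
    return parse_version(version) >= FIXED_VERSION


def version_from_manifest(data):
    """Return Implementation-Version from a jar's MANIFEST.MF, or None if absent."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return None
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return None


def classify(name, data):
    """Build a finding for a log4j-core jar, or None if the name does not match."""
    m = JAR_NAME_RE.search(name)
    if not m:
        return None
    version = version_from_manifest(data) or m.group(1)  # manifest beats filename
    return {"path": name, "version": version, "fixed": is_fixed(version)}


def scan_tree(root):
    """Walk root; report loose log4j-core jars and copies nested one level deep."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not fn.lower().endswith(CONTAINER_SUFFIXES):
                continue
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                data = fh.read()
            finding = classify(path, data)
            if finding:
                findings.append(finding)
                continue
            try:  # not itself log4j-core: look inside for a bundled copy
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for entry in zf.namelist():
                        if JAR_NAME_RE.search(entry):
                            inner = classify(entry, zf.read(entry))
                            inner["path"] = path + "!/" + entry
                            findings.append(inner)
            except zipfile.BadZipFile:
                continue
    return findings


def make_jar(version):
    """Constructed sample: a jar holding only a manifest (not a real Log4j build)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nImplementation-Version: %s\r\n" % version)
    return buf.getvalue()


def build_sample_tree(base):
    """Constructed layout: one old loose jar, one fixed loose jar, one old copy in a .war."""
    lib = os.path.join(base, "app", "lib")
    os.makedirs(lib)
    for ver in ("2.14.1", "2.15.0"):
        with open(os.path.join(lib, "log4j-core-%s.jar" % ver), "wb") as fh:
            fh.write(make_jar(ver))
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.11.2.jar", make_jar("2.11.2"))
    with open(os.path.join(base, "app", "portal.war"), "wb") as fh:
        fh.write(war.getvalue())


def demo():
    """Scan the constructed sample tree; return findings sorted by path."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        findings = sorted(scan_tree(tmp), key=lambda f: f["path"])
    for f in findings:
        print("%-10s %-7s %s" % ("ok" if f["fixed"] else "VULNERABLE", f["version"], f["path"]))
    return findings


if __name__ == "__main__":
    demo()
```

Point `scan_tree` at each application root you enumerate (or at `/` on a host you are inventorying) and feed the "VULNERABLE" lines to whoever owns the upgrade. The filename pattern is a heuristic: renamed or shaded copies of log4j-core, and jars nested more than one level deep, will not be reported, so treat an empty result as "nothing found by this check", not as proof the host is clean.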

How can I protect myself from data breaches?

Data breaches are, unfortunately, common occurrences, and the cost of recovery can be a drain on your time and your finances. However, there are ways to protect yourself and prevent damage from occurring. In order to keep your personal and company data safe, we encourage you to:

Set strong passwords: Avoid generic passwords that include things such as your name, your company name, the word “password,” and any sequential numbers. Instead, your password should include both upper- and lowercase letters, numbers, special characters, and random words with no connection to each other.

Be sure to use a different password for every site. If you re-use the password at multiple locations, a leak may allow hackers to use that leaked password to access other accounts associated with your email addresses.

You can also use password management software such as 1Password or LastPass to create and store strong, randomly-generated passwords or passwords of your own choosing.

Use two-factor authentication: Although not offered everywhere, opting in to two-factor authentication adds another layer of security to your accounts.

Monitor your accounts: Look for anything out of the ordinary, including unfamiliar transactions, collections, notices, bills, and calls. Monitor your credit report to make sure that nothing new has opened under your name. Depending on the breach, these financial attacks can appear in many different ways.

Invest in cybersecurity: According to IBM’s Cost of a Data Breach Report 2020, the cost of breaches caused by human error stands at an average of $3.3 million. By educating yourself and your employees on the importance of cybersecurity, you can keep your private information fortified.

If you’re a business owner, you should consider investing in managed IT services, as IT experts can help mitigate risk. And even if you already have a trusted IT advisor, an outside, third-party assessment can help to head off any potential issues before they occur.

We're here to help

Beyond the tactical response, we understand that our clients may have heightened concerns regarding security. Further, in light of this incident, the possibility of additional attacks or exploitation of zero-day vulnerabilities is likely topping your list of concerns.

We invite you to contact our Client Experience team at ceteam@xamin.com if you have any specific questions or concerns about this—or any other—incident, or if you want to discuss your cybersecurity as a whole.

Our approach to vulnerability and security event management is multi-faceted. We utilize a layered approach to security, protecting all points of presence with advanced hardware and software tools. With SOC 2 certification and a layered security approach, Xamin can provide you with personalized client service that keeps your information safe.

Xamin provides IT services and assessments to businesses and their owners. Our mission is to help organizations have a clear understanding of technology vulnerabilities and provide solutions for the protection of customer, employee, and company data.