Table of Contents
As you may have heard, a severe vulnerability was recently discovered by the cyber security community called Log4j or Log4shell.
It is highly likely that your office network and/or team’s devices are vulnerable.
While immediate action is required, you do not need to panic.
Below, you will find everything you need to know regarding how to know if you are vulnerable and what to do about it.
This vulnerability is extremely important and affects nearly all major computing systems and devices.
The risk is a potential complete system take-over or compromise without your knowledge. Software and systems should be immediately patched if affected.
What Is the Risk?
If the Log4j vulnerability is not patched in all your systems, it could provide a back door for any hacker to enter your system with unrestricted access depending on the permissions granted to the software with the vulnerability. With this type of access, they have control to install malicious software, like a keylogger or ransomware, or vandalize, steal, and delete all your documents and data.
In short, they could completely take control of your IT network and systems.
Who Is Impacted by the Log4j Vulnerability?
This is a question that is still being answered, but it is safe to say that every company and organization will have some level of impact from the vulnerability.
Log4j has been widely used by many companies to produce software that we use every day. Here at Strategy, we are continuing to scan networks to discover which pieces of software use Log4j, so we can apply patches when they are released, remove devices with those programs from the network, or uninstall the software until a patch is released.
Here is a list of some of the commonly used vendors that have reported the vulnerability and are in the process of releasing updates and patches:
- Microsoft, including Office applications like Word, Excel, and PowerPoint
- Adobe software, including Creative Cloud applications like Photoshop, Illustrator, etc.
- Amazon Web Services
- N-able (previously SolarWinds)
How Can You Fix the Log4j Vulnerability?
The first thing you should do is reach out to your IT provider to follow their response plan. If they do not have a response plan or if you do not have an IT provider, here is our recommended response plan:
Run a system scan to discover any programs that may have the Log4j vulnerability.
Run a system scan through your antivirus or endpoint detection and response software to see if any malicious programs have been installed on your network. If you do not have Endpoint Detection and Response software, we recommend that you get this installed as soon as possible so it can scan for any type of malicious behavior on your network.
Install any published patches and updates.
For systems that do not have published patches and updates you can do one of two things:
- Disconnect the workstation or server from the network so that it is isolated.
- Uninstall any programs that do not have published patches and updates.
Monitor your network through your remote maintenance and monitoring (RMM) tool and any other networking monitoring tools you have access to. If you do not have RMM or networking monitoring tools installed, Strategy can install those for you.
Ensure that all your documents both in the cloud and stored locally are being backed up to help mitigate the loss of any potential breach that would result in your files being vandalized, ransomed, or deleted.
What Is Log4j?
Log4j is a Java-based logging library that was developed by the Apache Software Foundation. It’s free and widely used among companies of all sizes.
Software engineers use logging libraries to record the way in which programs run. These libraries help with code auditing and the resolution of functionality issues. Because it is free and highly regarded as trustworthy, Log4j is quite popular and used across many platforms.
The unfortunate irony, however, is that Log4j’s main purpose was to detect bugs in software, and now it has a bug of its own. Worse yet, it’s not a simple fix.
CISA Director Jen Easterly released a statement on December 11, 2021 regarding the issue.
She said, “CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the Log4j software library. This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use.”
So, What Is Log4Shell?
Simply put, Log4Shell is the nickname that has been given to the Log4j vulnerability crisis.
This is because exploitation of Log4j can allow shell access (or remote code access) to hackers, giving complete control into your server’s system. Scary, right?
With this shell access, attackers are able to download and run scripts on targeted servers, which leaves them vulnerable to complete remote control.
Once they have this access, they can do what they please with your data and files. This includes installing and running programs with malware or keyloggers, stealing your sensitive data, or just deleting everything entirely. Your server is their oyster.
According to Bitdefender, the technical term for this alarming phenomenon is “zero-day remote code execution vulnerability”.
We know that moments like this can be overwhelming and nerve-racking. Know that you are not alone; our team at Strategy is here to help you walk through this crisis however you need.
If you have any questions or need help implementing any of the recommended steps in our response plan, call us at 913-353-6902 or book an IT Strategy Session.