Archive article - published on January 25 2022
It seems like hardly a week goes by without some new cybersecurity threat being featured in newscasts and headlines. These occurrences once discussed only among the technocrats, are now fully discussed in the mainstream of society. The broadened interest comes with good cause. Simple endpoint attacks have become multi-stage operations driven by nefarious worldwide syndicates. Ransomeware strikes hit small and big businesses without discrimination, and cryptomining and data leaks have re-shaped the threat environment.
It's no surprise that 2022 begins with the cybersecurity community focused on the latest widespread vulnerability. The Apache Log4j 2 vulnerability was identified at the end of last year and carries a severity of 10 (the greatest risk) on the Common Vulnerability Scoring System (CVSS). The criticality of this latest threat has security experts, like the Cybersecurity and Infrastructure Security Agency (CISA), urging businesses that employ Log4j 2 to take mitigation actions immediately.
Log4j2 - An Achilles Heel
Mythology tells us how Achilles' mother dipped her son in the River Styx, making his body invulnerable except for the heel from which she held him. A security vulnerability refers to a chink in the armor of cyber environments--the proverbial Achilles heel. Vulnerabilities can present in hardware, software, or procedures and allow hackers to find ways into otherwise non-exploitable systems quickly.
The Apache Log4j 2 utility is an open-source framework most often used for logging requests and information that enables applications to run smoothly, track events, and help in debugging should the need occur. Because the utility is Java-based, attackers can exploit it by sending log messages containing a specially crafted Uniform Resource Identifier (URI). This, in turn, triggers the application to execute dangerous code from malicious sources.
So far, bad actors have primarily used the vulnerability to compromise fingerprint vulnerable systems or those systems which validate network protocols, operating systems, hardware devices, software, and other things. The landscape is ripe for attack because the Log4j library is used extensively, either directly or through third parties. While the bulk of news related to Log4j centers on business, consumers also may have cause for concern as numerous smart home devices, and network-attached storage also relies on the utility.
Getting a Handle on the Problem
Cloud platform giant, Google, urges businesses to triage their systems and upgrade to the latest version of Log4j2 immediately. The maker of Google Cloud Marketplace and Google Workspace also says that any third-party applications used in conjunction with its products should be carefully reviewed for Log4j 2 instances. Employing Google Cloud Security products can also help detect and mitigate vulnerabilities. The company recommends a layered approach to security that includes:
Cloud Armor can mitigate threats against applications or services behind external HTTP(S) load balancers.
On-demand scanning of container images locally and in registries prevents deployment in the CI/CD process.
For businesses running Kubernetes, employing binary authorization can prevent the deployment of packages with vulnerabilities.
Where Experts Can Help
According to Mike Wiacek, CEO of Stairwell, a cybersecurity company that prides itself on empowering businesses against hackers, "Attackers are winning because combating unexpected major vulnerabilities like Log4Shell takes an incredible amount of time--and time-to-patch--particularly in large enterprises."
Mitigating vulnerabilities rob organizations of time usually spent on revenue-driving activities. In December 2021, the Wall Street Journal reported that the Log4j 2 exposed businesses to millions of attacks per hour. Clearly, the situation is emergent, and the need for remediation is immediate. This is where WALTLabs.io can help.
Your organization's cybersecurity should have the personalized guidance and support required to ensure safety and success. As a Google Cloud Premier partner, WALTLabs.io uses the latest technology to assess vulnerabilities and help businesses defend against hackers. Contact us today to keep your teams focused on your business with world-class protection so they can work more securely.