What is the Log4j vulnerability?
A software vulnerability has been discovered in Log4j, a very widely deployed software library that developers use to keep track of any changes in the applications they build. Organisations that use Apache should immediately upgrade to log4j-2.1.50.rc2 and make sure their Java instances are up to date. It soon became clear that the vulnerability has far-reaching implications: because the software is ubiquitous, it is used in millions of applications across the internet. This means the vulnerability could affect major services like Amazon, Apple iCloud and Twitter. The popular game Minecraft was vulnerable but has since been patched. Security experts worldwide have expressed concern over the vulnerability, as it could give cybercriminals enough of a foothold within a system to deploy ransomware or attempt to gain control of it.
What effect does this have on businesses?
Tech companies all over the world are under pressure to fix this software vulnerability, as millions of applications use Log4j for logging. Major companies such as Microsoft, Google & Cisco have found that some of their services were vulnerable, and everyone is working extremely hard to tackle this potential threat. Our expert team are working hard and have investigated the security impact on the following vendors we use and have compiled a list of the current status of their systems. Please contact our cyber security team for more information.
What are we doing to protect our clients?
Our DNS filtering system is in place and can detect when malicious outbound DNS requests are being made, such as those for crypto mining and command & control connections. If any device that we manage were to send suspicious outbound requests, they would be blocked. However, this does not fix the vulnerability; it simply limits machines from downloading malware via the internet. We also have Webroot installed on all devices we manage, which would again protect against malware in general even if it were able to be downloaded. Our patch management system is in place to apply security patches to vulnerable applications as they are released. Given the severity of this exploit, this is a priority for most organisations, and remediation has already taken place over many of the systems we utilise. We recommend that the company which manages the network monitors the security alerts closely for strange behaviour. We are also reviewing all local administrator access and removing it where necessary on all devices that we manage. This would help prevent software from being installed on each device. If you believe any of your applications to be vulnerable, or you are unsure, please contact our cyber security team as soon as possible and we can discuss it further.