A recent storm of cybersecurity activity hit the internet over the last week as a highly dangerous vulnerability known as Log4Shell was publicly disclosed. Also known as Log4j (the name of the affected utility) this zero-day vulnerability allows attackers to gain full system control with little technical effort. The use of this tiny bit of software is rarely documented but it is widespread on the order of hundreds of millions of devices. Another major cause for concern is the trivial effort required to exploit the vulnerability and gain access to everything from consumer technologies to web servers.
Across the industry, IT departments have been in overdrive as initial mitigations focus on patching systems as updates are made available. The phases ahead are where the true impact of this event will emerge. A history of recent attacks against critical industries and an escalating cybercrime environment mean that the vulnerability arrives with a heavy future cost and the potential for breach, data leakage, DDoS attacks, ransomware, botnets, and a spectrum of threats that cannot be estimated.
Ntirety has been actively responding to the Log4shell vulnerability as outlined by our response plans for Managed Security Services Stack customers and our general ecosystem. After thorough scanning and review of internal and vendor applications, we have mitigated every instance of Log4j through continuing updates and enforced controls on access levels.
Affected Version
Apache Log4j 2.x <= 2.15.0-rc1
Affected Software
A significant number of Java-based applications are using log4j as their logging utility and are vulnerable to this CVE. To the best of our knowledge, at least the following software may be impacted:
- Apache Struts
- ApacheSolr
- Apache Druid
- Apache Flink
- ElasticSearch
- Flume
- Apache Dubbo
- Logstash
- Kafka
- Spring-Boot-starter-log4j2
Additionally, as part of our holistic security approach, our advanced intelligence and monitoring systems are on the lookout for intrusions, analogous behaviors, account privilege tracking, and any lateral behaviors that may indicate a novel attack is occurring. Across our datacenters, Ntirety has also performed discovery and advisory for potentially vulnerable customers.
Our response planning is continually updated, and what comes next is equally as important to initial responses, as this vulnerability is destined to haunt the internet for years to come. Our 24/7 Security Operations Center is up to speed on tracking new potential threats and trained on how to recognize and respond appropriately. Exploits are just getting started and we are on high alert.
We highly recommend that organizations upgrade to the latest version (2.17.0) or higher of Apache log4j 2 for all systems, along with the addition of a managed security service to proactively protect your systems.
Schedule a consultation with Ntirety to learn about how we can help protect you from vulnerabilities through our Comprehensive Security approach.