It seems like every time you turn around there is a new major cybersecurity risk in the news headlines. Earlier this year, we had back-to-back ransomware attacks at Colonial Pipeline and global meat producer, JBS. Recently, there was a major vulnerability found in software that runs medical devices.
There has been another major software vulnerability found that puts hundreds of millions of devices at risk.
Software vulnerabilities are one of the main enablers of cyberattacks. These are mistakes in the software or operating system code that allow a hacker to exploit them to launch certain attacks.
These attacks can include things like:
- Access to credential management
- A takeover of a device running the flawed software
- Launching of commands to a device
- Ability to open a backdoor to plant malware and/or steal data
Once software manufacturers find out about a vulnerability (which is usually by it being exploited by hackers), they rush to create a security patch. That patch is then issued in a software or OS update.
During the time it takes to create a patch, systems are left vulnerable. Even after a patch has been issued, many companies don’t apply it right away because they don’t have a formal patch/update management program in place.
Patch and update management is vital to any solid cybersecurity plan to ensure that there are no hidden vulnerabilities that hackers can use to bypass your other protections.
1 in 3 network breaches is a result of unpatched vulnerabilities.
What Is the Log4J Vulnerability?
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) describes this as a “critical remote code execution (RCE) vulnerability in Apache’s Log4j software library”.
It is important to note that software libraries are resources that are widely used by developers when creating different types of software and firmware code.
Log4J (which is also known as Log4Shell) is used widely in the coding for several consumer and enterprise services, websites and applications. This means that the vulnerability could be present in a cloud tool that you log into online or in an application that you use on your computer or mobile device.
What Problems Can Be Caused by This Vulnerability?
Hackers can often exploit vulnerabilities in multiple ways and sometimes there can be more than one vulnerability in flawed software code.
Apache has a vulnerabilities page that lists the variety of different exploits that can occur and any patches that it has issued to help users seal those vulnerabilities.
Some of the attacks that can occur when bad actors exploit the Log4J vulnerability include:
Denial of Service
This has a high severity level and could allow someone to use this code to flood a service with so many requests that the system goes down.
Remote Code Execution
This vulnerability has a critical severity level. Remote code execution is one of the most overarching types of attacks. This means that a hacker can send commands to a system or device through the vulnerability in the software. Those commands could be anything from enabling a takeover to launching ransomware.
Improper Validation of Certificate
This is a lower-level exploit because it does not involve a takeover of a system. This entails a potential interception by a man-in-the-middle attack of any log messages.
What Does Our Company Need to Do?
Log4J is a Java-based utility that is used for logging capabilities or a record of an activity. This code is used so widely that multiple vendors have code impacted by this issue.
Impacted systems and services include those from providers, such as:
- Atlassian
- Amazon
- Microsoft Azure
- Cisco
- Fortinet
- Oracle, Red Hat, VMware
- And others
Many of these vendors have already issued a fix for the vulnerability. However, users must apply those updates.
Your company should ensure that all devices used for business activities have all operating systems and software up to date.
This vulnerability also impacts web services so it is important to ensure that the cloud tools you are using have been patched if needed. Reach out to the service provider if necessary to learn whether or not their software was impacted. If so, find out if the vulnerability has been sealed.
It is vital to the future of your company’s IT security to institute patch management for all devices. This includes any remote employee devices. This is most easily done by working with an IT provider that can ensure that your users have the latest updates applied and can do so without any user interruption.
Put an Automated Patch Management Solution In Place
Sound Computers offers expert managed IT services to Connecticut businesses that can take the burden of patch/update management off of your shoulders and help keep your company safe from a breach.
Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.