Log4j Named “The Most Critical Vulnerability of the Last Decade”

By Chris Cox | December 21, 2021

iStock-1142845130

On December 9, a remote code vulnerability called ‘Log4j’ (CVE-2021-44228) was identified in an open-source software tool used by many systems around the world. Relating to Apache, a logging tool used in many Java-based applications to log error messages, Log4j has put millions of servers at increased risk of data exploitation. The vulnerability has been given the maximum severity score of 10/10 and described as “the most critical vulnerability of the last decade”.

Details of the attack

Many specific line of business applications from 3rd party vendors will utilise the Log4j library in order to provide web services to end users. This library is integrated into the applications and malicious scanning of internet IP addresses is currently occurring from many sources looking to gain a foothold into your network.

The vulnerability allows an attacker to send a specially crafted message to vulnerable web servers that allows them to subsequently open backdoors into affected systems, potentially stealing data and compromising network security.

This specific attack does not relate to Microsoft based applications and services as these use a Microsoft proprietary web server system called IIS.

Immediate recommendation

In line with recommendations from the Australian Cyber Security Centre (ACSC), we strongly advise that all Australian organisations whose applications utilise the Apache web platform check if Log4j versions prior to 2.15.0 are present and if so, immediately install the latest available version from the software vendor.

The ACSC is monitoring the situation and can provide advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.

For further general information and advice about the Log4j vulnerability, and mitigations, please refer to the Australian Government ACSC website. 

 

Notification to our customers

Please note this vulnerability specifically impacts Apache web servers that are externally accessible via the internet, and as mentioned is easily exploitable. As such, your software vendors should be working with you directly for patching and remediation requirements as a matter of urgency.

We urge customers to monitor notifications from software vendors and log a ticket with us as soon as notified that an updated version is available. Diamond IT is unable to close this security vulnerability until a patch is released by each vendor whose software is vulnerable to this attack.

For Diamond IT customers with a Unified Threat Management (UTM) Gateway such as a FortiGate installed, please note that we have activated an Intrusion Prevention System (IPS) signature mechanism for this attack and updated settings whilst waiting on further action from your software vendors. This system detects the specially crafted messages attackers use to compromise systems and provides protection from internet based attacks while your software vendors develop a patch. This does not mitigate any attacks that may originate from within your network and is why installing an updated version of your software is still required.

For any questions or for more information on the FortiGate network firewall, please contact your Business Technology Manager.

 

How Diamond IT can support your cyber security

Diamond IT regularly monitors and reviews threats in the IT landscape and always moves swiftly to protect customer systems and data with the utmost urgency and care. For this specific threat, we have put in place all mitigation strategies possible and stand ready to assist customers with updating their systems as soon as vendors release updated versions of their software.

If you need advice on how you can ensure your cybersecurity strategy is fit for purpose, or if you'd like more information on Diamond IT's security approach including TechOps, our team of cyber security experts are ready to help. Contact our team on 1300 307 907 today.

LET'S TALK

Download your free cyber security checklist

 

TAGS: Managed IT Services, News and General, Cyber Security,

About Chris Cox
Chris Cox

Chris Cox (GCertCloudComp&Virtual, MCSE: Comm, HP ASE:SSA, NSE4) is Diamond IT's Head of Infrastructure and Security Solutions. Since joining Diamond IT in 2007, Chris has lent his expertise to all areas of the business from Service Desk and Projects to Presales and now continues to guide the Infrastructure and Security Solutions team. With numerous industry certifications from major vendors such as Microsoft, Fortinet and HPE, Chris has a wide range of knowledge covering almost all areas of the SMB IT space.