Cyber Risk Advisory: Apache Log4j Vulnerability
A maximum severity rating was recently issued for Apache Log4j vulnerability on Dec. 10, 2021. It allows cyber threat actors to use remote code execution on the servers of the open-source Java package used for logging applications. Log4j is widely used in consumer and enterprise services, websites, applications, and operational technology products to log security and performance information. An unauthenticated cyber threat actor could remotely exploit this vulnerability to take control of an affected system.
According to CISA, immediate actions to protect against Log4j exploitation:
- Discover all internet facing assets that allow data inputs and use log4j Java library anywhere in the stack.
- Discover all assets that use the log4j library.
- Update or isolate affected assets. Assume compromise, identify common post-exploit sources and activity, and hunt for signs of malicious activity.
- Monitor for odd traffic patterns (e.g., JDNI LDAP/RMI outbound traffic, DMZ systems initiating outbound connections).
Cyber threat actors are actively scanning and exploiting this vulnerability, with many security researchers noting an increasing number of scans targeting internet-facing systems. It’s essential to identify, mitigate and patch any solutions that utilize affected versions of Log4j. Anyone who believes this vulnerability might impact them should review the guidance provided by the Apache Software Foundation by clicking here or CISA.
If you suspect your system has been exploited or would like to discuss it with your cyber liability insurance carrier, don’t hesitate to contact your Oswald brokerage team.
For more information visit our Cyber Risk page or contact me directly:
Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.