The interconnectivity of billions of people’s work and personal data across the globe results in more sensitive data being shared or stored on networks. As a result, security breaches that aim to gain access to data or to manipulate hardware are both invasive and dire. The recent Log4j breach opened virtually every software system and device to hacking. To help protect users and agencies from potential security fractures, Carahsoft has assembled a portfolio of solutions from a variety of vendors to guard devices.
The Primary Function of Log4j Technology
Log4j is a Java Apache Software datalogging tool. Its primary role is to log user input and perform network lookups within Java Naming and Directory Interface (JNDI). With JNDI, users can store Java objects in remote locations and serialize them for easy usage on machines. Despite not being popularly used in Java anymore, the Log4j serialization remained in the software’s framework.
Java is one of the most common programs, with an estimated use of 97% in all business applications.[1] With any Java property, there is a high probability it contains Log4j. As a result, many libraries use the software, with an estimated 39.2% direct and 60.8% indirect remote code execution.[2] Potentially affected brands include Twitter, Amazon, Steam, Unifi, Apple, Webex, Tesla, and LinkedIn. With the security breach, hackers can use Java code to run any file on a user’s machine. Once a malicious file is downloaded onto a hardware system, the attacker can steal data, install ransomware, and perform unauthorized activities.[3]
As this large security breach affects Apple, IOS, Windows, and Linux software, both individual users and large corporations are impacted. Software using Log4j versions 2.14 and earlier are at risk and need to update to versions 2.15 or later to secure their system. While users can ensure their systems are up to date, popular applications may directly or indirectly encounter a software program that has an out-of-date Log4j version, creating a security threat. Because of the ease of attack, Log4j is a major concern. The attack surface is ubiquitously large, and the threat has a maximum security score of 10 from the Common Vulnerability Scoring System (CVSS). There are several components that can further secure networks.
Industry Solutions & Expertise
Carahsoft works with many of the top vendors in the cyber security space and has an array of robust solutions to help mitigate and secure systems against Log4j attacks. To help assist our customers with managing this new vulnerability we have built a helpful website that provides a comprehensive listing of our vendor’s mitigation techniques that can be used to thwart the attack, along with an index of critical patch advisories for each solution that users can easily access to ensure their systems are secure. This website will be updated regularly with the latest information on Log4j and includes helpful resources that our customers can use to navigate the attack. For more information, please visit: https://www.carahsoft.com/solve/log4j
Steps for Mitigating Log4j
The first step is to upgrade any personal systems to 2.17. Carahsoft’s vendors who work with JNDI have already updated to more secure versions. If this is not possible, users can try temporarily disabling JNDI Lookup.
Several of Carahsoft’s vendors do not work with JNDI. However, users and agencies may still indirectly encounter Log4j. Many vendors have threat reports available. Others can work with organizations to evaluate and enhance their endpoint security to proactively maintain the integrity of the network infrastructure. In addition, many Carahsoft vendors have software that will detect and mitigate capabilities to show where Log4j versions 2.15 and earlier are on a system. These packages can monitor networks to detect and report errors or threats.
Agencies should use Security Information and Event Management (SIEM) tools to access a holistic view of an organization’s information security systems. By accessing behavioral analytics with SIEM, users can monitor for crypto mining activity, detect both correlation rules and anomalies in user agent strings, endpoint activity, and network traffic.[4]
Secure Against Attacks
The discovered weakness in Log4j opened the entire internet to potential security breaches. However, with the aid of Carahsoft’s vendors, both users and agencies can secure their networks against attacks. With these precautions, personal information will remain private, and hardware will remain reliable and safe.
Learn more by viewing a list of resources and recommendations from Carahsoft’s vendor to mitigate and address the Log4j vulnerability. Visit the US Cybersecurity and Infrastructure Security Agency (CISA)’s site for up-to-date guidelines on Apache Log4j vulnerabilities.
[1] “How Many Software Developers Are in the US and the World? [Updated],” Daxx.https://www.daxx.com/blog/development-trends/number-software-developers-world
[2] “Log4J Vulnerability (Log4Shell) Explained – for Java developers,” Java Brains. https://www.youtube.com/watch?v=uyq8yxWO1ls
[3] “How to Prevent a Log4j JNDI Attack,” Techblocks. https://tblocks.com/how-to-prevent-a-log4j-jndi-attack/
[4] “7 Detection Tips for the Log4j2 Vulnerability,” Exabeam. https://www.exabeam.com/wp-content/uploads/GUIDE-7-Detection-Tips-for-the-Log4j2-Vulnerability.pdf
