Log4j Exploit: What SMBs Should Know
At the end of 2021, news emerged of a new vulnerability in Log4j, a Java library that underlies many of the world’s applications. Since then, this security flaw has been widely recognized as one of the most potentially dangerous vulnerabilities in history.
This vulnerability introduces a new significant risk for organizations everywhere — from the largest enterprise to the smallest SMB. As a result, every security leader and business owner should take the necessary steps to limit risk to their organization, especially as research shows attackers are already beginning to leverage the flaw for ongoing attacks.
With this heightened risk state in mind, here’s what SMBs need to know to better secure their environments.
What is Log4j?
Log4j is an open-source Java library developed by the Apache Software Foundation that runs some of the world’s biggest applications, including those made by Amazon, Microsoft, Cisco, Fortinet, Nutanix, Splunk, Oracle, and VMware. It is core to the internet’s infrastructure, and it’s maintained by volunteers, similar to many other open-source projects.
What is affected?
Devices using Apache Log4j versions 2.0 to 2.14.1 are affected by this vulnerability, including the Apache Struts2, Solr, Druid, Flink, and Swift frameworks that utilize this version. As a result, nearly every device or application on the internet is affected.
How bad is it?
Very bad. The Log4j vulnerability is rated 10 out of 10 in severity. CERT New Zealand has issued warnings about the vulnerability, the US Cybersecurity and Infrastructure Security Agency (CISA), and the UK’s National Cyber Security Centre (NCSC). Part of the reason it’s so challenging is because Log4j is so widely used and can be difficult to patch.
Researchers have already shown that attackers are taking advantage of the vulnerability. Cloudflare, for instance, reported that it saw exploits of the vulnerability starting Dec. 1 — which means some attackers are already beginning to leverage the flaw for their benefit.
What can an SMB do about it?
Many vendors leveraging Log4j in their applications or devices have already released or announced they are working on patches, including AWS, IBM, Oracle, and others. Companies should make sure they are identifying which Internet-facing devices on their network are leveraging the open-source software and updating them immediately.
Given the widespread nature of this vulnerability, SMBs should also implement ongoing monitoring to flag any potential signs of nefarious activity on their networks (here’s a helpful list from Microsoft) that could signal an attack leveraging the vulnerability is underway. NCCGroup has released a helpful list of network detection rules to help guide this process. SMBs should also consider further measures to segment devices with Log4j installed that cannot yet be patched and tailor firewall rules to focus on Log4j.
While Log4j is just the latest in a series of vulnerabilities and cybersecurity risks emerging over the last few years, this is one that SMBs should be paying particular attention to due to its severe and widespread nature.