What is Log4j?
Log4j is an open-source log management and analysis tool created by the Apache Software Foundation. It is primarily used in Java applications to collect, manage, and record users activities. Since it's release, Log4j has been downloaded millions of times and is one of the most widely known tools used in many popular applications and software systems.
The Log4j vulnerability
The Log4j critical vulnerability had been discovered last week and could have devastating effects to the entire internet.
It's important to understand how this vulnerability works. An attacker would be able to execute unauthorized remote commands on a computer running Log4j without the user/organizations knowledge/approval by sending a specially crafted request to the server. These requests can lay dormant for years without knowledge and execute dangerous ransomware/malware. According to David Kennedy, CEO of cybersecurity firm TrustedSec, "This will take years to address, while attackers will be attempting to exploit it on a daily basis."
The list of potential victims of this exploit covers nearly a third of web servers in the world. Microsoft, Google, Amazon, Apple, IBM, Cisco, Twitter, Oracle as well as gaming giant Minecraft are just a FEW of the titans to utilize this software. This flaw is being considered the biggest cybersecurity risks in decades. As a result of the worldwide usage of Log4j, this leaves critical resources like power, energy, food, water, communications, e-commerce vulnerable to exploitation.
How to Protect Yourself from This Vulnerability
Most of us, are likely utilizing Log4j in some way shape or form. You should do your due diligence and take steps to protect your organization from this exploit.
- If you are unsure or concerned then its imperative to reach out to your cybersecurity specialists
- Assess if your organization is utilizing Log4j in any way internally and take the appropriate measures to patch and locate any potential weaknesses.
- If your organization is utilizing a 3rd party software that utilizes Log4j, follow up with the vendor to ensure that they are taking the appropriate action to remediate.
- Keep close watch and remain on the lookout for device, software and app updates.
Additionally, all organizations should have a robust security plan in place that includes understanding potential vulnerabilities like this one and implementing appropriate safeguards against them.