Everything you need to know about the Apache Log4j Vulnerability
What is Apache Log4j (CVE-2021-44228)
Apache Log4j 2 is an open-source Java-based logging framework, which is leveraged within numerous Java applications around the world. On December 9, 2021, a high severity alert (CVE-2021-44228 – also identified as Log4Shell) was issued for a vulnerability in Apache. Apache is fairly ubiquitous – thus scope of impact for this specific vulnerability is significant.
A proof of concept (PoC) code was released, and it became apparent that it is incredibly easy to exploit. It is particularly nefarious in that the vulnerability requires no authentication. The CVE can bypass all protections.
Timeline of Progression
- December 14, 2021, a second vulnerability was announced (CVE-2021-45046)
- December 16, 2021, a third Log4j vulnerability was announced (CVE-2021-45105)
- December 28, 2021, a fourth Log4j vulnerability (CVE-2021-44832) was announced by Apache and is given a CVSS criticality rating of Medium
Log4j vulnerabilities are being actively exploited and organizations are urged to update their systems to Log4j version 2.17.0 as quickly as possible to mitigate these vulnerabilities. Cyber threat actors of various skill level and motivation are actively exploiting this vulnerability to establish initial access and gain a foothold in the victim environment.
Our Threat Research Team (TRT) continues to follow the vulnerability and its evolution:
- Safeguarding Your Assets Against Apache Log4j Vulnerability
- Log4Shell Active Exploitation Continues…
- Observations from a Log4j Decoy: From Vulnerability to Infection to DDOS in Record Time
Fidelis continues to update our detection rules associated with Log4j to ensure Fidelis customers remain protected against Log4j exploitation as the threat evolves. Log4j mitigation guidance for Fidelis products is available through Fidelis’ customer support portal.
Important Steps to Protect Your Assets
If you have not begun to patch, stop everything and do that now. Once that is done, here are a few more steps you can take:
Deploy an Early Warning System
Deception technologies in your environment can serve as an early warning system. Quickly deploy decoys and lure adversaries away from production systems. This allows you to detect and neutralize threats in your environment before they can cause damage.
Additional Reading:
- Observations from a Log4j Decoy: From Vulnerability to Infection to DDOS in Record Time
- Log4shell: Looking for the “The Dark Side of the Moon”
- How to Protect Your Organization from Log4j
- Deploy an Early Warning System
- Log4shell Active Exploitation Continues…
- Safeguarding Your Assets Against Apache Log4j Vulnerability
