Update: Major Vulnerability Apache Log4j

Read below which measures you can take and which ones we have taken.

Last week we reported a serious vulnerability in Apache Log4j, a logging tool used by many systems and web apps worldwide. We took action to reduce the risks for the systems under our control, and we continue to do so now that more information is available about the use of Log4j, as well as about its abuse and the scale at which that abuse takes place.

With this update we share the current state of affairs. Note: we highly recommend investigating vulnerable systems. Be extra vigilant, also during the holidays.

Vulnerability

“The vulnerability allows attackers to remotely abuse the rights of web servers, with potentially significant consequential damage. The NCSC has issued a HIGH/HIGH security advice for this vulnerability: the risk of misuse in the short term and the potential damage are high,” the (Dutch) National Cyber Security Center reports on their website.

The latest security advisory from the NCSC: Security Advisory | Current | National Cyber Security Center (ncsc.nl)

Actions taken by Infradax

We have instituted increased surveillance: we perform scans to detect and analyze Log4j vulnerabilities, and we take measures where possible, such as installing updates, applying workarounds, or temporarily closing access. We monitor all managed systems under strict supervision, and we check backups more often.

Our professional team monitors and analyses all current affairs, findings, and questions.

Advice

Many organizations have more than one application supplier, which makes the overview less clear and the organization more exposed. Log4j is used in many such apps, and updating it separately is not possible: it always goes hand in hand with a full update of the software.

Keep investigating the affected systems and applications, even if we manage your environment, because not everything is within our reach. Think of websites, (web) apps, portals, or other tools.

Prioritize systems directly connected to the internet. But never forget internal systems.

Our advice

  • Follow the advice of the NCSC as soon as possible.
  • Investigate all your systems and applications. Many suppliers know about the impact of Log4j. So, please contact your supplier or partner to provide you with information.
  • Stay alert and monitor suspicious events (also ask colleagues to do so).
  • Be prepared for abuse. Make sure your backups are complete. And consider the impact of affected systems on your business.
  • Ensure backups are securely stored in distinct locations.
  • In case of any question or doubt, please do contact us.

Risk

  • The chance of abuse is remarkably high when a system is linked to the outside world and is therefore exposed to the Log4j vulnerability. Attacks are carried out automatically by entering a string, for example into an input field of a website, application, or form. The weakness is triggered when the string ends up in a vulnerable system. NOTE: this can also happen when a hand scanner scans the string! The vulnerable system then automatically connects to the malicious party, who gains control over it.
  • The impact of this weakness is extremely high. Once attackers are inside your system, they can download malware and then run ransomware, crypto-miners, or other unwanted software.

Supported measures

Easily identify and reduce the risk of Log4j by taking these measures:

  • Create an up-to-date overview of used software and suppliers.
  • Incorporate Vulnerability Management software in your environment (may be included in your Microsoft 365 subscription).
  • Use central management tooling to easily identify Log4j.
  • Use a Next-Gen firewall with an IDPS/Web Application Filter subscription.
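
One way to carry out the "identify Log4j" step on a single host, as an added example that is not Infradax or NCSC code: it walks a directory tree, opens Java archives (including archives nested inside WAR, EAR or fat JAR files, where the library is easy to miss) and reports each bundled copy of log4j-core with its version. The function names and output fields are assumptions of this example; compare the reported versions against the NCSC advisory.

```python
import io
import os
import zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
# Entries that identify a bundled log4j-core, wherever the archive is nested.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
MAX_DEPTH = 5  # bound recursion on deeply nested or hostile archives


def _scan_archive(src, label, findings, depth=0):
    """Inspect one archive (path or file-like object), then any archives inside it."""
    try:
        with zipfile.ZipFile(src) as zf:
            names = set(zf.namelist())
            if JNDI_CLASS in names or POM_PROPS in names:
                version = "unknown"
                if POM_PROPS in names:
                    text = zf.read(POM_PROPS).decode("utf-8", "replace")
                    for line in text.splitlines():
                        if line.startswith("version="):
                            version = line.split("=", 1)[1].strip()
                # jndi_lookup is False when the class is absent from the archive
                findings.append({"location": label, "version": version,
                                 "jndi_lookup": JNDI_CLASS in names})
            if depth < MAX_DEPTH:
                for name in names:
                    if name.lower().endswith(ARCHIVE_EXT):
                        inner = io.BytesIO(zf.read(name))
                        _scan_archive(inner, f"{label}!/{name}", findings, depth + 1)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        return  # unreadable, corrupt or encrypted archive: skip it


def find_log4j(root):
    """Walk root and return one finding per archive that bundles log4j-core."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fname)
                _scan_archive(path, path, findings)
    return sorted(findings, key=lambda f: f["location"])


if __name__ == "__main__":
    import sys
    for hit in find_log4j(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f'{hit["location"]}  version={hit["version"]}  JndiLookup={hit["jndi_lookup"]}')
```

Run it with a directory as argument, for example an application server's deployment folder; an empty result only covers the archives under that path, not software managed by a supplier elsewhere.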

Contact or support

Our Service Desk and specialists are as up to date as possible about the situation. If you have any questions or concerns about your situation, please feel free to contact us.

Contact our Service Desk (servicedesk@infradax.com) if you purchase management or support from us, or reach out to your contact person.
