Schedule a call

Blog

Get expert advice on every topic you need as a small business owner, from the ideation stage to your eventual exit. Our articles, quick tips, infographics and how-to guides can offer entrepreneurs the most up-to-date information they need to flourish.

Subscribe to our blog

Accounting
Finance
HR
Ideation
Insurance
Startup
Taxes
Tech
Approaching Uncertainty
Tech

Why your organization needs to be vigilant against Log4j vulnerability, according to cybersecurity experts

Posted by Deepshikha Shukla

January 13, 2022    |     3-minute read (463 words)

Security logo displayed on a computer screen.
Check Point Research identified a whopping 50% uptick in weekly cybersecurity attacks on business networks in the fourth quarter of 2021 versus 2020, a figure the cybersecurity firm said was exacerbated by the Log4j vulnerability discovered in December.

Log4j is a popular open-source Java logging library developed by the Apache Software Foundation. It is used by developers to record what happens in their software applications or online services. A software vulnerability in Log4j, disclosed in December and also known as Log4Shell, has gained broad attention for posing a severe risk to millions of applications and devices across the globe. 

Microsoft reports that Log4Shell can be used to break into systems, steal passwords and logins, extract data and infect networks with malicious software. Enterprise software developer Red Hat assigned Log4Shell a 9.8 severity score out of possible 10 on the Common Vulnerability Scoring System, while the National Institute of Standards and Technology rated Log4Shell its highest severity score, 10.

Who is affected?

Security experts warn that attackers are making hundreds of thousands of attempts to find vulnerable devices. Any device with internet access is at risk if it's running open-source logging Log4j library, version 2.0 to 2.14.1. 

Although the Log4j library is used worldwide in millions of software applications and online services, it makes systems vulnerable by allowing attackers to execute code remotely on a target computer to spread malware, steal data and take control. 

Minecraft servers were the first to face Log4j exploitation via a malicious string entered through its chat box. Malignant text entered in the username box on web applications, like Apple iCloud, can also lead to compromise. Although fixes have been issued, organizations still need time to identify exploited areas or potential threats and implement the measures.

Warnings issued by major players 

Several national cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency and the UK's National Cyber Security Centre, have issued warnings to take immediate measures against the Log4j vulnerability. 

"We will only minimize potential impacts through collaborative efforts between government and the private sector,” said CISA Director Jen Easterly. “We urge all organizations to join us in this essential effort and take action.”

Measures undertaken by major tech firms to detect, mitigate Log4J vulnerability:

1. NCC Group offers paid tools for businesses to test Log4j vulnerability.

2. Microsoft released guidance on preventing and detecting Log4j exploitation.

3. IBM issued guidance for its customers.

4. Oracle issued a patch to avoid Log4j exploitation. 

5. Amazon web services announced it is working on patching services.

6. Cisco released rules to detect exploitation and patches for its affected products.

How to safeguard against avoid Log4j exploitation

Any organization affected by the Log4Shell flaw should upgrade Log4j to version 2.16.0, which Apache released on Dec. 13. 
Previous Post
Newer Post

Related Stories

A man holding a cup of coffee looks with concern at his computer screen.

Tech

How to protect your small business…
Learn more
Microsoft Windows update screen

Tech

Windows 11: What businesses should consider…
Learn more

Popular Stories

A calculator along with papers and pen on a desk

Accounting

How outsourced accounting functions can help…
Learn more
Image representing financial data management stored on a cloud computing system.

Finance

Reasons leaders should instill FinOps and…
Learn more
Close-up of a person analyzing business charts on a clipboard

Finance

Increase your business’s sale price by…
Learn more

We provide you with essential business services so you can focus on growth.

Schedule a call to discuss your company’s unique needs