Blog

Get expert advice on every topic you need as a small business owner, from the ideation stage to your eventual exit. Our articles, quick tips, infographics and how-to guides can offer entrepreneurs the most up-to-date information they need to flourish.

Subscribe to our blog

Accounting & Finance
Approaching Uncertainty
Insurance
Leadership & Growth
People Management & HR
Private Equity
Professional Services
Small Businesses
Startups
Taxes
Technology & Security

Why your organization needs to be vigilant against Log4j vulnerability, according to cybersecurity experts

Posted by Celene Robert

January 13, 2022

Security logo displayed on a computer screen.
Check Point Research identified a whopping 50% uptick in weekly cybersecurity attacks on business networks in the fourth quarter of 2021 versus 2020, a figure the cybersecurity firm said was exacerbated by the Log4j vulnerability discovered in December.

Log4j is a popular open-source Java logging library developed by the Apache Software Foundation. It is used by developers to record what happens in their software applications or online services. A software vulnerability in Log4j, disclosed in December and also known as Log4Shell, has gained broad attention for posing a severe risk to millions of applications and devices across the globe. 

Microsoft reports that Log4Shell can be used to break into systems, steal passwords and logins, extract data and infect networks with malicious software. Enterprise software developer Red Hat assigned Log4Shell a 9.8 severity score out of possible 10 on the Common Vulnerability Scoring System, while the National Institute of Standards and Technology rated Log4Shell its highest severity score, 10.

Who is affected?



Security experts warn that attackers are making hundreds of thousands of attempts to find vulnerable devices. Any device with internet access is at risk if it's running open-source logging Log4j library, version 2.0 to 2.14.1. 

Although the Log4j library is used worldwide in millions of software applications and online services, it makes systems vulnerable by allowing attackers to execute code remotely on a target computer to spread malware, steal data and take control. 

Minecraft servers were the first to face Log4j exploitation via a malicious string entered through its chat box. Malignant text entered in the username box on web applications, like Apple iCloud, can also lead to compromise. Although fixes have been issued, organizations still need time to identify exploited areas or potential threats and implement the measures.

Warnings issued by major players 



Several national cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency and the UK's National Cyber Security Centre, have issued warnings to take immediate measures against the Log4j vulnerability. 

"We will only minimize potential impacts through collaborative efforts between government and the private sector,” said CISA Director Jen Easterly. “We urge all organizations to join us in this essential effort and take action.”

Measures undertaken by major tech firms to detect, mitigate Log4J vulnerability:

1. NCC Group offers paid tools for businesses to test Log4j vulnerability.

2. Microsoft released guidance on preventing and detecting Log4j exploitation.

3. IBM issued guidance for its customers.

4. Oracle issued a patch to avoid Log4j exploitation. 

5. Amazon web services announced it is working on patching services.

6. Cisco released rules to detect exploitation and patches for its affected products.

How to safeguard against avoid Log4j exploitation



Any organization affected by the Log4Shell flaw should upgrade Log4j to version 2.16.0, which Apache released on Dec. 13. 

Author

Celene Robert
Celene Robert

Celene heads up the marketing at Escalon. Passionate about helping companies grow their business, she spends her days finding new ways to bring essential business services to startups, SMBs, and growth-minded companies. Based in the PNW, she’s the proud owner of 8 pairs of Birkenstocks and a sassy, cuddly cat.

Previous Post
Newer Post

Featured Downloads

Private Equity Scaling Accounting Operations and Optimizing Financial

Private Equity

Private Equity Scaling Accounting Operations and Optimizing Financial
Learn More
why-late-saas

Accounting & Finance

Why Late-Stage SaaS Needs Fractional CFO Services
Learn More
how-to-measure-company

Accounting & Finance

How to measure a company’s financial strength using the 3 key financial statements
Learn More

Related Stories

A man holding a cup of coffee looks with concern at his computer screen.

Technology & Security

How to protect your small business from phishing scams
Learn more
Microsoft Windows update screen

Technology & Security

Windows 11: What businesses should consider before upgrading
Learn more

We provide you with essential business services so you can focus on growth.