Software vulnerabilities are unfortunately common. But lately, it seems like the ones impacting many different types of devices and platforms are becoming more prevalent.
Just a few months back, in November, a warning was issued about critical vulnerabilities in Siemens software that could impact millions of medical devices and allow hackers to breach vital equipment.
Now, on the heels of that news, we hear about an even wider spread vulnerability that could impact hundreds of millions of devices around the world. This new vulnerability is in a basic building block of software called Log4j by Apache and the attacks associated with the vulnerability are being referred to in the cybersecurity community as Log4Shell.
We’ll discuss what Log4J means and how it can put your devices at risk, but first, we’ll go over the basics of what software vulnerabilities and exploits are.
Software Vulnerabilities & Exploits
Whenever you hear about a vulnerability in software, it means that somewhere in the code the developer has accidentally left a “loophole” that can be exploited by a hacker.
In fact, this is why the dangerous code that hackers write to take advantage of those vulnerabilities are called, “exploits.” When you hear of the “XYZ Exploit” it refers to a malicious code a hacker has deployed to target a found vulnerability in specific software.
The type of loophole will dictate what types of exploits are written. Sometimes there will be multiple exploits launched for a single vulnerability because it allows hackers to take advantage in different ways.
Some of the common ways that exploits can leverage software vulnerabilities are:
- Access user management in a device
- Take over control of a device
- Launching of commands
- Ability to open a backdoor to plant malware and/or steal data
How Does Log4J Put Companies at Risk?
The Log4J vulnerability is such a dangerous one because it allows for many different types of exploits, and it impacts multiple online interfaces.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) describes it as a “critical remote code execution (RCE) vulnerability in Apache’s Log4j software library.”
The term “library” is significant as these are resources used by multiple software developers to create their software. So, unlike some vulnerabilities that are only in a single software, Log4J can be written into many different types of online applications and websites.
This one vulnerability is estimated to be present in more than 100 million instances around the world.
Just a few of the companies/sites that use the Log4J library in their software include:
What Can Happen If Your Device Is Impacted?
What happens to a device is that if you are accessing one of the software products or websites that has the Log4J vulnerability and that vulnerability has not been patched, your device can be hacked in several different ways.
Apache has a vulnerabilities page that lists the variety of different exploits that can occur and any patches it has issued to address them.
These are some of the things that hackers have been doing to exploit this vulnerability:
- Denial of Service: Enables a hacker to basically flood a service using this code with so many requests that the system goes down.
- Remote Code Execution: This is a critical vulnerability because it allows the attacker to execute code on a device to take it over.
- Improper Validation of Certificate: This lower-level type of exploit can still enable the potential interception by a man-in-the-middle attack of any log messages by your device.
How To Protect Your Company from The Log4J Vulnerability
To understand how vulnerable your company is, you should review a list of all impacted software developers to see if your company uses any of the impacted applications or websites. You can find a list here on BeepingComputer.
The good news is that many software developers have already issued patches for the Log4J vulnerability for their particular software. But you do need to ensure those patches are applied.
Businesses that have managed IT services in place are already in a good position and most likely safe because this means updates and critical security patches are being installed automatically for each managed device.
If you don’t have automated patch and update management, then you’ll want to ensure every device used for your business has all software updates applied as soon as possible.
1 in 3 network breaches is caused by unpatched vulnerabilities.
It only takes one unpatched device to enable hackers to attack your entire network.
Are Your Devices Being Updated Regularly?
C Solutions can help your Orlando area business put a smooth, automated patch and update management system in place that helps protect you from software vulnerabilities.
Schedule a free consultation today! Call 407-536-8381 or reach us online.