So, what exactly is Log4Shell, and should you be worried?
Essentially, Log4Shell is a vulnerability in a Java software component called Apache Log4j, which is code embedded in numerous applications, including websites. Log4j records (logs) activity in those applications, and the vulnerability lets hackers abuse that logging to gain password-free access to systems.
One of the most worrying aspects of this new threat is that the code could (and probably does) exist somewhere in your business’s systems and applications without your IT team being aware of it. It could be present in third-party applications as well as applications built in-house. So far Google, Microsoft and Cisco Systems Inc have been affected by the vulnerability. Many have called it the worst cyber security bug of the year, as it could affect any business worldwide, big or small, that has a website.
The Implications
This vulnerability allows cybercriminals access to systems ranging from industrial networks to household electronics. According to Which?, every household has at least 10 interconnected devices – all of which could be vulnerable to this threat.
Cybercriminals can send malicious packets over the internet to any system running a vulnerable version of Log4j. Once the system receives the packet, it will download malware that can take complete control of your systems, which could have a massive impact on your business. So far, such malware has included:
Tsunami – This malware creates a backdoor in the system that collects sensitive data and sends it back to the IRC server. Its main function is to flood the system with requests, creating a Distributed Denial of Service (DDoS), meaning your systems will stop functioning.
Meterpreter – This is trojan malware which enables hackers to gain remote control of your business’s systems, letting them do anything they want within them.
Coin miners – These generate Bitcoin or other cryptocurrencies using your business’s processors, meaning the systems will no longer work for your business needs while the cybercriminal gains the rewards.
Using this vulnerability, attackers can take over your systems and steal your data. They will then auction this data off to ransomware providers as a means of extracting money from your business. This could have a massive impact on your organisation in downtime, reputational loss and data loss.
Protecting your business
This threat, although it attacks all organisations globally, could be more difficult for a small business to manage, as they don’t have a dedicated IT security team with the speed and expertise to deal with it. However, the best way of protecting your business’s systems from the Log4j vulnerabilities, as well as other security issues, is to ensure all systems are fully up to date and all available patches are applied.
Additionally, carrying out a full audit of your systems to identify the presence of the Log4j code is particularly effective. If it is identified, the IT team needs to install the current version of the Apache code library (2.16.0) or other patches which have quickly become available.
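The audit step can be partly automated. The following is an added example, not code from this article or from SupportWise: it walks a directory tree, opens every Java archive (including archives nested inside other archives, which is how Log4j ends up hidden in third-party applications) and reports each copy of log4j-core with its version. It assumes the standard Maven metadata and class paths inside the log4j-core JAR; the function names are hypothetical, and `FIXED` is the 2.16.0 release named above, to be raised if a later release is required.

```python
import io, re, sys, zipfile
from pathlib import Path

# Standard paths inside the log4j-core JAR; FIXED is the release the article names.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIXED = (2, 16, 0)
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):
    """Return (major, minor, patch) from pom.properties text, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def inspect_archive(data, label, findings, depth=0):
    """Record log4j-core copies in one archive, descending into nested ones."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        names = set(zf.namelist())
        if POM in names or JNDI in names:
            # No pom.properties means a repackaged copy: version unknown.
            ver = parse_version(zf.read(POM).decode("utf-8", "replace")) if POM in names else None
            findings.append({"where": label, "version": ver,
                             "needs_update": ver is None or ver < FIXED})
        for name in names:
            if depth < 3 and name.lower().endswith(ARCHIVES):
                inspect_archive(zf.read(name), f"{label}!/{name}", findings, depth + 1)

def scan(root):
    """Walk a directory tree and inspect every Java archive found."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            inspect_archive(path.read_bytes(), str(path), findings)
    return findings

def make_jar(version=None, nested=None):
    """Build a constructed sample archive in memory (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version:
            zf.writestr(POM, f"groupId=org.apache.logging.log4j\nversion={version}\n")
            zf.writestr(JNDI, b"")
        for name, data in (nested or {}).items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

A copy reported with version `None` has been repackaged without its Maven metadata and needs manual review; a scan like this only covers files on disk, so vendor-hosted and appliance software still has to be checked with the supplier.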
Next Steps
If you are worried that Log4Shell could affect your systems, contact SupportWise for a security audit. This will not only identify the Log4j vulnerability if it is present, but could also identify any other vulnerabilities which could prove to be a security risk to your business’s systems.