In the world of IT, bugs aren’t uncommon. Bug fixes get pushed out by developers constantly - in fact, if you’re not seeing regular bug fixes from a service provider, it’s probably a sign that they’re not working hard enough to find and fix bugs, not that there are no bugs to be found.
But bugs that create massive security vulnerabilities in one of the most widely used software libraries in the entire world? Those are rare - and extremely serious. We need to talk about the Apache Log4j bug.
What Is Log4j?
Log4j is a record keeper for an astonishing number of different activities that occur online. Any time an activity takes place online, a record of that activity is logged - hence the log in Log4j (it stands for Logging Utility For Java). These records are essential, as they allow administrators to troubleshoot errors, and they can inform users of abnormalities (like 404 Page Not Found errors).
As you can imagine, the need for logging technology is ubiquitous online - and Log4j is one of the most used pieces of software on the internet.
What Is the Log4j Bug?
To talk about one Log4j bug is a bit of an overgeneralization - since December 2021, 5 separate security vulnerabilities have been found in Log4j, and each of them has been patched by Apache.
One of the Log4j bugs presented an extremely serious vulnerability: it allowed for remote code execution. This meant that malicious actors could force a program to run Java code without checking to see if the code was legitimate.
With remote code execution, there’s basically no end to the types of malicious activities hackers can take. Ransomware, man-in-the-middle attacks, turning servers into coin mining machines - the list goes on and on.
Another Log4j bug opened the door to Denial of Service (DoS) attacks. While there have been no more Log4j bugs since January - Apache, the cybersecurity community, and cybercriminals will all be looking for bugs that haven’t been found yet.
What Can You Do About Log4j
The level of control that you have over Log4j bugs themselves depends heavily on the level of control you have over your own servers, and what your responsibilities are. If you’re responsible for ensuring Log4j stays updated on your server, and you haven’t updated yet - do it now! Cybercriminals are looking for unpatched Log4j like burglars look for unlocked homes with their occupants on vacation.
For those without such granular control over their Java logging software, there are still steps you can take to improve security. Even though Log4j exposes some very serious weaknesses, having the right tools and protocols can help.
First, remember that Log4j vulnerabilities open attacks on servers, not on individual devices. That’s not to say your devices can’t be attacked from the server, but attackers will have to get creative at this step - and that’s where you can try to stop them.
If you’re using WordPress or a similar service to run your website, check your plug-ins. Plug-ins aren’t always updated frequently, and they could be running on servers using an old version of Log4j. If your plug-ins haven’t been updated in some time, consider disabling them.
Managed Detection and Response (MDR) services can help you locate compromised devices on your network and seal them off from the rest of your network. Multi-factor authentication can stop malicious actors who have obtained passwords from logging into your network. Training can help your staff avoid phishing attacks.
We can help you keep your business and network safe, too. We offer Winnipeg IT services, including network security services. Want to protect your network? Get in touch with us today.