On Thursday, December 9, 2021, a severe vulnerability was discovered that has a devastating effect on systems across the internet. The severity of this particular vulnerability is rated 10/10, the highest known to memory. This means that hackers can remotely obtain unauthorised full access to the vulnerable system with zero user interaction.
What’s the issue?
A vulnerability was found in Log4j, an open-source logging library commonly used by apps and services across the internet. If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.
Log4j is used worldwide across software applications and online services, and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.
Who is affected by this?
Almost all software will have some form of ability to log (for development, operational and security purposes), and Log4j is a very common component used for this.
For individuals, Log4j is almost certainly part of the devices and services you use online every day. The best thing you can do to protect yourself is make sure your devices and apps are as up to date as possible and continue to update them regularly, particularly over the next few weeks.
For organisations, it may not be immediately clear that your web servers, web applications, network devices and other software and hardware use Log4j. This makes it all the more critical for every organisation to pay attention to our advice, and that of your software vendors, and make necessary mitigations.
What if …
… I know we are using Log4j in applications developed in house?
Update to version 2.16.0 or later.
… I know Log4j is present in applications supplied by a third party?
Keep any such products updated to the latest version. More products may release patches over the next few days and weeks, and so organisations should make sure they’re checking for updates regularly.
… I don’t know if anything we use is using Log4j?
Ask your in-house developers and/or third-party suppliers. We have asked that developers of affected software communicate promptly with their customers to enable them to apply available mitigations or install updates. In turn, you should act promptly on any such communications from developers.
What else can we do?
Check your systems for the use of Log4j
Check the list of vulnerable software
Contact software vendors
Set Web Application Firewall rules
Check for scanning activity
Check for exploitation
Sign up for the NCSC’s Early Warning
See the vulnerability alert for more technical detail on these steps.
Police CyberAlarm is a free tool to help members understand and monitor malicious cyber activity and we are using Police CyberAlarm to support member organisations to identify Log4J vulnerabilities on their networks and any threat actors attempting to exploit them. If you want to improve your organisation’s resilience to this and other threats, sign up here for our free tool: Police CyberAlarm.
You can also sign up for Core Membership with us to receive ongoing support. The Cyber Resilience Centres are non-profit organisations designed to support businesses to protect themselves from cyber crimes and fraud. You can become a member today, free of charge via our membership form.
What if we have been compromised because of this vulnerability?
If you have been a victim of cyber crime you should report to Action Fraud any time of the day or night using their online reporting tool, or by calling 0300 123 2040 Monday to Friday 8am - 8pm.
Reporting a live cyber attack 24/7.
If you are a business, charity or other organisation which is currently suffering a live cyber attack (in progress), please call 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week. Please note, if you are member of the public you must call to report through our core opening hours.
If you are a UK organisation compromised by this vulnerability you can also report to the NCSC via our website. See the alert for the kind of activity you should report.
By following these steps, users and organisations will have the best possible chance of protecting themselves from this zero-day vulnerability. The WMCRC can provide further security awareness training to organisations and individuals, which you can access by contacting us today.
Any organisation or individual can be affected by this recent zero-day vulnerability, so you must remain alert. Follow professional advice, keep your devices regularly updated, and watch out for vulnerability patches that will be released in the coming weeks. You can also contact the WMCRC to scan your network (either remotely or by an internal assessment).
Our vulnerability assessments can test your IT system configuration using the same techniques used by hackers to ensure your company is not wide open to cyber an attack.
Following these simple steps will help keep you and your organisation better protected this holiday season.