Mrs. Christiana Kozakou is the Head of Marketing at Odyssey Cybersecurity, where she leads and oversees strategic marketing efforts for the Odyssey and ClearSkies brands around the globe. Her expertise lies in designing and coordinating 360-degree marketing campaigns and crafting effective market penetration strategies for exploring new markets. Mrs. Kozakou is a dynamic professional driven by her passion for unleashing potential in every endeavour, leading a team of creative marketers working together towards one goal: to give voice to Odyssey and its people so the world can become a cyber safer place. Throughout her 10-year career, Mrs. Kozakou has served in key roles in Advertising, Business Development and Digital Marketing in international companies. A fervent believer in empowering women, she served as a dedicated volunteer for IWIB’s International Team, fostering growth and opportunities for aspiring leaders. Her educational background boasts a Master of Business Administration (MBA) and Bachelor’s degrees in Marketing and Sociology.
New Critical vulnerability in Apache Log4j library exploited in the wild (CVE-2021-44228)
Threat Level Description
Threat Level: Critical - An attack is expected imminently. Maximum protective security measures to meet specific threats and to minimize vulnerability and risk. Critical may also be used if a terrorist attack is expected seeking to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the economy, and damage public morale and confidence.
Description
We have observed that a new critical vulnerability in the Apache Log4j Java-based logging library has been identified and is being actively exploited in the wild.
By exploiting this vulnerability, unauthenticated remote attackers could achieve remote code execution, escalate their access privileges and ultimately compromise the entire domain.
The Apache Log4j Java-based logging library is used as a logging package in a variety of different popular software by a number of manufacturers, including Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and video games such as Minecraft.
This vulnerability, named Log4Shell or LogJam (CVE-2021-44228), is an unauthenticated, remote code execution (RCE) flaw affecting any application that uses this open-source library.
An unauthenticated remote attacker could exploit this issue with a specially crafted string of text. If that string is logged by a vulnerable instance of Log4j, it triggers the application to reach out to an external host chosen by the attacker, effectively granting the adversary the ability to retrieve a payload from a remote server and execute it locally.
Specifically, in Apache Log4j2 <=2.14.1 the JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. If the malicious string contains instructions to use LDAP, the server will attempt to contact the specified LDAP server and load the specified Java resource. Since both the server and the resource can be under the attacker's control, this results in remote code execution on the server. Thus, an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j version 2.15.0, however, this behavior has been disabled by default.
The Apache Log4j zero-day vulnerability is probably the most critical vulnerability we have seen this year, because Log4j is a ubiquitous library used by millions of Java applications for logging error messages. Moreover, this vulnerability has been actively exploited in the wild. Since its disclosure, many vendors, including Check Point, have released signatures for mitigating the vulnerability.
CVE(s)
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
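As an added example (not from the original advisory, and not Apache's own tooling), the following Python check applies the affected-version range stated above to a log4j-core jar, reading the version from the Maven pom.properties the jar bundles and reporting whether the JndiLookup class is still present; deleting that class from the jar was Apache's documented stop-gap mitigation for deployments that could not upgrade immediately. The jar fixture is constructed inline so the check runs offline.

```python
import io
import re
import zipfile

# Affected range as stated in the CVE-2021-44228 description above:
# 2.0-beta9 through 2.15.0, excluding the backported security releases.
SAFE_RELEASES = {"2.12.2", "2.12.3", "2.3.1"}
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PREFIX = "META-INF/maven/org.apache.logging.log4j/log4j-core/"

def parse_version(v):
    """Sortable tuple for '2.14.1' or '2.0-beta9'; pre-releases sort first."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised log4j version: {v}")
    pre_rank = {"alpha": 0, "beta": 1, "rc": 2, None: 3}[m[4]]
    return (int(m[1]), int(m[2]), int(m[3] or 0), pre_rank, int(m[5] or 0))

def is_vulnerable_version(v):
    """True when v lies in 2.0-beta9..2.15.0 and is not a security release."""
    if v in SAFE_RELEASES:
        return False
    return parse_version("2.0-beta9") <= parse_version(v) <= parse_version("2.15.0")

def scan_jar(jar_bytes):
    """Report a log4j-core jar's declared version and JndiLookup presence."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
        version = None
        for name in names:
            if name.startswith(POM_PREFIX) and name.endswith("pom.properties"):
                for line in jar.read(name).decode().splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
    has_jndi = JNDI_LOOKUP_CLASS in names
    # A jar is only exploitable if the version is affected AND the class exists.
    vulnerable = version is not None and is_vulnerable_version(version) and has_jndi
    return {"version": version, "jndi_lookup_present": has_jndi,
            "vulnerable": vulnerable}

def build_sample_jar(version, include_jndi_class=True):
    """Constructed fixture: a minimal jar mimicking log4j-core's layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(POM_PREFIX + "pom.properties",
                     "groupId=org.apache.logging.log4j\n"
                     f"artifactId=log4j-core\nversion={version}\n")
        if include_jndi_class:
            jar.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes
    return buf.getvalue()
```

On a real host, point `scan_jar` at each log4j-core jar found on the classpath (including jars nested inside WAR/EAR archives) rather than at the constructed fixture.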
Affected Systems
Recommendation(s)
You should proceed to implement the relevant mitigations and updates provided by the vendors.
You should understand the importance of security updates, and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to apply an efficient patch management solution, to always keep security event logging enabled, and to practise event monitoring. Protecting the valuable assets of your business and complying with the relevant industry regulations requires a comprehensive approach to the management of risk, including Penetration Testing at least annually and upon significant changes.
References
- https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html
- https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- https://www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/
- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS
- https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/
- https://www.infoworld.com/article/3644492/how-to-detect-the-log4j-vulnerability-in-your-applications.html