Log4J? Cyber Pandamic? I noticed that many people I talk to have never heard about it, and this is why I want to show you how the software “Log4j” can fail your company and how you can prevent your assets from being in danger by taking action now!
Building awareness and a feeling for Cyber Security is important for every business owner and us as private people alike.

In the following article I will elaborate on what actions businesses have to takle immediately, to not be out of business soon.

“Log4j comic” illustrated by Florian Wagner - CC BY-NC-ND 4.0 27/12/21

So in short, what the Log4j and why do I want to raise your awareness about this?

Log4j is a logging component in software that allows you to write away events that seem important. Logging intentionally is there to give the IT team an inside into how your software or piece of technology is running in production. Furthermore, logs are used for forensic analysis after a cyber attack to identify what happened and ideally to have hints to who attacked you and how. Exactly these logs are now affected by a security vulnerability that allows an attacker to craft a malicious text and send it to your vulnerable software, either by just injecting it into a form field within your application or sending a HTTP request over the internet. An attacker who uses this vulnerability, called Log4Shell, can get sensitive information out of your systems and even take over the system that is vulnerable. After this an attacker is able to do everything from attacking more systems in your network, spying on you, stealing your data or applying a worm and encrypting everything like it happened in 2017 with WannaCry.

Is there evidence of systems being attacked?

Since December 1st this vulnerability is actively being used to hack systems around the globe and yours could be the next. Since the public disclosure the Maritime Sustainment Technology and Innovation Consortium (MSTIC) reported that nation state activity groups from China, Iran, North Korea, and Turkey are focusing on hacking vulnerable systems now. Checkpoint has measured over 800.000 attacks only from the December 9th to 13th and called it the Cyber pandemic, they have a great article worth reading, if you want to learn more, click here.

Recommended actions to take:

First and foremost, ask yourself and your IT team: Are we vulnerable?

1. Speak to your IT team and see if they know about this. If not, make them aware!
2. Do you have a software asset register? —> See if you use software that makes use of Log4j.
3. Hire a penetration tester to find your vulnerable systems and make sure they are fixed properly.
4. Apply the Log4j 2.15.0 and the upcoming 2.16.0 patch as soon as possible.
5. Make sure to apply patches to other software that is used in your company. If a software patch is release in the next couple of days it is probably to fix Log4j in that software.

Other things to consider:

1. Don’t let your guards down for the holidays, this is the opportunity for hackers and they will not miss it! Even America’s CISA put out a warning over the holidays for businesses.
2. Remember, if you make use of open source software, then contribute back next time. Even a coffee donation of 2$ could help these people to provide secure and good software for everyone.
3. The best recommendation: Learn from it! Most businesses do not know how to value the importance of Cyber Security in our world and the risk involved until something happens.

If you have any questions feel free to contact me. You find my contact details below.
May Log4Shell not affect you, Merry Christmas and a Happy New Year!

All the best,
Florian