Log4j Vulnerability: What do you need to know and how can you stay safe?

Hyve Managed Hosting

On Friday 11th December 2021, a vulnerability was found within Apache Foundation Log4j2 (‘Log4j2’) that could have enabled attackers to access IT systems, from where they could deploy cyberattacks such as ransomware. First discovered in the popular game Minecraft, this vulnerability, if correctly exploited or left unmitigated, allows malicious actors to gain remote access to a business’ servers or wider IT infrastructure. 

What is Log4j?

Log4j is a common logging system used by developers of Java-based web and server business applications. It was developed in the last decade for both enterprise and consumer services.

While many will not have heard of Apache Log4j, it is widely used by developers and programmers to take notes or mark instances of what is happening on applications or servers, for example to mark a security incident. Due to the nature of this tool and its universal use across applications worldwide, security experts have significant cause for concern about how it may be utilised by hackers or criminals.

What is the vulnerability from Log4j?

The Log4j vulnerability, tracked as CVE-2021-44228, is what is known as a zero-day vulnerability, meaning it was made accessible to the public before the relevant vendors had the opportunity to detect, fix, and patch the fault. Although this vulnerability has always existed, there was very little prior knowledge of it. CVE-2021-44228 enables hackers or malicious actors to perform remote code execution, which means they can run any code and access all available data on an affected machine or unpatched system. Through such access, attackers will have the ability to encrypt, delete or hold data for ransom.

For this reason, it is crucially important that you take steps to avoid such circumstances taking place. 

How can you stay safe with Log4j?

The National Cyber Security Centre has listed a set of recommended priority actions for organisations to follow:

Install the latest updates immediately wherever Log4j is known to be used: 

  • Cyber security experts across the world have stated this should be the first priority for all organisations using software that is known to include Log4j. It is vital you update to version 2.15 or later.
  • Furthermore, the flaw can also be mitigated in the previous versions (2.10 and later) by setting system property “log4j2.formatMsgNoLookups” to “true” or removing the JndiLookup class from the classpath.

Discover unknown instances of Log4j: 

  • To support the immediate updating of Log4j wherever it is known to be used, you also should determine if Log4j is installed elsewhere. A large number of Java applications can include all the dependent libraries within their installation. 
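An added example, not part of the NCSC guidance or Hyve's own tooling: a Python scanner that walks a directory, opens JAR/WAR/EAR files (including archives nested inside them) and reports each bundled log4j-core copy, its version and whether the JndiLookup class is still present. The function names, the nesting limit of 5 and the constructed sample WAR are assumptions made for illustration.

```python
import io, os, re, tempfile, zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def scan_archive(source, label, findings, depth=0):
    """Inspect one archive (path or file object) and any archives nested in it."""
    try:
        zf = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        return
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            m = re.search(r"^version=(.+)$", props, re.M)
            nums = tuple(int(n) for n in re.findall(r"\d+", m.group(1))[:3]) if m else ()
            findings.append({
                "location": label,
                "version": m.group(1).strip() if m else "unknown",
                "jndi_lookup_present": JNDI_CLASS in names,
                "below_2_15": not nums or nums < (2, 15),  # page: update to 2.15+
            })
        for name in names:
            if depth < 5 and name.lower().endswith(ARCHIVES):
                scan_archive(io.BytesIO(zf.read(name)), f"{label}!/{name}", findings, depth + 1)

def scan_tree(root):
    """Walk a directory and report every bundled log4j-core copy found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files):
            if path.lower().endswith(ARCHIVES):
                scan_archive(path, path, findings)
    return findings

def build_constructed_sample(root):
    """Constructed input: a WAR bundling a fake log4j-core 2.14.1 JAR."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\nversion=2.14.1\n")
        z.writestr(JNDI_CLASS, b"placeholder, not real bytecode")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(scan_tree(tmp))
```

A finding with `jndi_lookup_present` set to False on an older version indicates the class-removal mitigation described above has been applied to that copy.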

Deploy protective network monitoring/blocking:

  • Organisations using Web Application Firewalls (WAFs) should ensure rules are available to protect against this vulnerability. 
  • The log files for any services using affected Log4j versions could contain user-controlled strings. 
  • If your organisation is storing netflow data for your network’s internet connections, or you have robust EDR coverage of servers, you should search for internally initiated LDAP connections to external destinations not seen before 10 December 2021. 
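The netflow search described in the last item, as an added example that is not part of the NCSC guidance or Hyve's tooling. It assumes flow records exported as CSV with `start,src,dst,dport` columns, an internal range of 10.0.0.0/8, and LDAP identified by its well-known ports 389 and 636; the sample records are constructed.

```python
import csv, io, ipaddress
from datetime import datetime

CUTOFF = datetime(2021, 12, 10)            # date given in the guidance above
LDAP_PORTS = {389, 636}                    # assumption: LDAP/LDAPS well-known ports
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: site-specific

# Constructed flow records using documentation address ranges, not real data.
SAMPLE_FLOWS = """\
start,src,dst,dport
2021-11-02T09:14:00,10.0.4.21,198.51.100.7,389
2021-12-11T03:41:12,10.0.4.21,198.51.100.7,389
2021-12-11T03:42:55,10.0.8.15,203.0.113.66,389
2021-12-11T04:00:01,10.0.8.15,10.0.1.5,636
2021-12-12T17:20:30,10.0.9.3,203.0.113.66,443
2021-12-13T01:05:44,192.0.2.10,10.0.8.15,389
2021-12-13T02:11:09,10.0.9.3,203.0.113.80,636
"""

def is_internal(ip):
    """True when the address falls inside one of the organisation's ranges."""
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def new_external_ldap(flow_csv):
    """Internally initiated LDAP flows to external hosts not seen before CUTOFF."""
    rows = list(csv.DictReader(io.StringIO(flow_csv)))
    # Baseline: every destination that appears in any flow before the cutoff.
    seen_before = {r["dst"] for r in rows
                   if datetime.fromisoformat(r["start"]) < CUTOFF}
    hits = []
    for r in rows:
        outbound = is_internal(r["src"]) and not is_internal(r["dst"])
        if (outbound and int(r["dport"]) in LDAP_PORTS
                and datetime.fromisoformat(r["start"]) >= CUTOFF
                and r["dst"] not in seen_before):
            hits.append((r["start"], r["src"], r["dst"], int(r["dport"])))
    return hits

if __name__ == "__main__":
    for hit in new_external_ldap(SAMPLE_FLOWS):
        print(hit)
```

Each hit names an internal host to triage first; a destination already contacted before the cutoff, internal LDAP traffic and inbound connections are all excluded.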

It is important to note that, while you may believe you are protected from this flaw, it is better at this stage to assume you are still vulnerable. It is recommended to continually scan for unknown instances of Log4j and update where necessary.

How can Hyve Help?

Hyve has been proactive in our response to the reported remote code execution vulnerability in Apache Log4j (Log4Shell).

If you are an existing Hyve customer, you would have received an email from us on 13th December with the actions needed. If you did not receive this email please contact [email protected]

If you think you are using Log4j, please create a P3 support ticket in the MyHyve portal to discuss the vulnerability and agree on patching time. 

If you do not have a patch management contract, please ensure you patch any of your systems to Log4j version 2.15 or contact [email protected] to set up a patch management contract. 
