
On Friday 11th December 2021, a vulnerability was found within Apache Foundation Log4j2 (‘Log4j2’) that could have enabled attackers to access IT systems, from where they could deploy cyberattacks such as ransomware. First discovered in the popular game Minecraft, this vulnerability, if correctly exploited or left unmitigated, allows malicious actors to gain remote access to a business’ servers or wider IT infrastructure. 

What is Log4j?

Log4j is a common logging system used by developers of Java-based business applications, servers and web apps. It was developed in the last decade for both enterprise and consumer services.

While many will not have heard of Apache Log4j, it is widely used by developers and programmers to record what is happening on applications or servers, for example to mark a security incident. Because the tool is used in applications worldwide, security experts have significant cause for concern about how the vulnerability may be used by hackers or criminals.

What is the vulnerability from Log4j?

The Log4j vulnerability, CVE-2021-44228, is what is known as a zero-day vulnerability, meaning it was made accessible to the public before the relevant vendors had the opportunity to detect, fix, and patch the fault. Although the vulnerability has always existed, there was very little prior knowledge of it. CVE-2021-44228 enables hackers or malicious actors to perform remote code execution, which means they can run any code and access all available data on an affected machine or unpatched system. Through such access, attackers will have the ability to encrypt, delete or hold data for ransom.

For this reason, it is crucially important that you take steps to avoid such circumstances taking place. 

How can you stay safe with Log4j?

The National Cyber Security Centre has listed a set of recommended priority actions for organisations to follow:

Install the latest updates immediately wherever Log4j is known to be used: 

  • Cyber security experts across the world have stated this should be the first priority for all organisations using software that is known to include Log4j. It is vital you update to version 2.15 or later.
  • Furthermore, the flaw can also be mitigated in the previous versions (2.10 and later) by setting system property “log4j2.formatMsgNoLookups” to “true” or removing the JndiLookup class from the classpath.

Discover unknown instances of Log4j: 

  • To support the immediate updating of Log4j wherever it is known to be used, you also should determine if Log4j is installed elsewhere. A large number of Java applications can include all the dependent libraries within their installation. 

Deploy protective network monitoring/blocking:

  • Organisations using Web Application Firewalls (WAFs) should ensure rules are available to protect against this vulnerability. 
  • The log files for any services using affected Log4j versions could contain user-controlled strings. 
  • If your organisation is storing netflow data for your network’s internet connections, or you have robust EDR coverage of servers, you should search for internally initiated LDAP connections to external destinations not seen before 10 December 2021. 

It is important to note that, while you may believe you are protected from this flaw, it is better at this stage to assume you are still vulnerable. It is recommended to continually scan for unknown instances of Log4j and update where necessary.

How can Hyve Help?

Hyve has been proactive in our response to the reported remote code execution vulnerability in Apache Log4j (Log4Shell).

If you are an existing Hyve customer, you would have received an email from us on 13th December with the actions needed. If you did not receive this email please contact sales@hyve.com. 

If you think you are using Log4j, please create a P3 support ticket in the MyHyve portal to discuss the vulnerability and agree on patching time. 

If you do not have a patch management contract, please ensure you patch all of your systems to Log4j version 2.15 or contact sales@hyve.com to set up a patch management contract.

Start your journey today

Discuss your hosting requirements with us today

For more information on our solutions, please call us on 0800 612 2524 or fill out the form below.
