Log4J Vulnerability: 5 Key Takeaways and Dealing with Future Vulnerabilities
It’s been a couple of months now since the Log4J vulnerability rocked the world. Discovered in December 2021 as a zero-day vulnerability, this security flaw provides an open door into affected systems. Hackers that successfully exploit the Log4J vulnerability can remotely control affected servers to deliver a nasty payload such as ransomware, or to gain access to sensitive information.
The most frequent vectors for the Log4J vulnerability are via the web server and web applications. These will remain the most common attack vectors for vulnerability exploitation for some time to come. However, this particular vulnerability sits within a Java library that is widely used across many systems, and impacts them all in the same way. As web servers become tougher to exploit, we expect cybercriminals to expand their capabilities to include other protocols.
Patches were soon made available and widely published to provide a quick fix, though experts suggest we may see this vulnerability crop up for years to come as hackers continue to develop their methods of exploitation.
In this article, we are stepping back and looking at what key takeaways can be taken from this unusual event, as it is important to review what measures you currently have and can further implement to protect against future vulnerabilities.
1. Large scale vulnerabilities like Log4J are beyond your control
Every IT department intends to secure the systems that are critical for your business operations. Though when incidents such as the Log4J vulnerability occur to third-party, widely used systems and platforms, you are limited to what actions you can take to reduce the impact. The Log4J vulnerability has highlighted the security risk that sits with third-party systems and questions what measures can be taken to react promptly.
2. Visibility of vulnerabilities enables you to react quickly
Knowing if and where you are affected by new vulnerabilities is key to reacting quickly to prevent any real damage. Traditionally, a vulnerability assessment would need to be carried out by a professional service provider to help you understand where your vulnerabilities are. As a one-off assessment, these can be a costly way to regularly monitor your vulnerability exposure. The most efficient and cost-effective way to achieve this is through on-demand vulnerability scanning. Having constant visibility of your vulnerabilities enables your organisation to quickly react to an event such as the Log4J vulnerability. On-demand vulnerability scanning significantly closes the window of risk that your organisation is exposed to should you have vulnerabilities.
3. Layered security prevents complete exploitation
In many cases, vulnerabilities can only be fully exploited by a chain of exploits all being executed and successful. Using layered security to cut off parts of the chain can be enough to prevent a vulnerability from being fully exploited. Services like Multi-Factor Authentication, Endpoint Protection and Web Security all protect you from multiple cyber threats and should be considered as critical security layers to prevent vulnerability exploitation.
4. Incident response is a critical part of modern cybersecurity
As mentioned in our first point, some vulnerabilities are beyond your control to prevent. Responding as quickly as possible closes the window of risk, though what happens when it’s too late? Having a clear incident response plan has become a cornerstone of a strong cyber security posture. The goal of incident response is to enable an organisation to quickly detect and halt attacks, minimising damage and preventing future attacks of the same type.
As described by Cynet, there are six steps to effective incident response:
- Preparation of systems and procedures
- Identification of incidents
- Containment of attackers and incident activity
- Eradication of attackers and re-entry options
- Recovery from incidents, including restoration of systems
- Lessons learned and application of feedback to the next round of preparation
It’s best to have an incident response plan in place before an attack, though if you have experienced a breach and need a quick and easy fix, we offer free incident response when you need it most.
5. There are many, many more vulnerabilities out there
Media attention brought the Log4J vulnerability into the headlines which helped many organisations to act quickly. It was given the highest possible CVSS severity score of 10. Patches were soon made available and countless cyber security specialists published advice and guidance on how to implement a fix.
This same level of attention should be given to equally detrimental vulnerabilities that often go under the radar. According to NIST, 20,136 Common Vulnerabilities and Exposures (CVEs) were published in 2021. This marks the fifth year in a row that a record number of vulnerabilities has been discovered, and the first time in history that the number of CVEs has passed the 20,000 mark.
On-demand Vulnerability Scanning to Protect Against Future Vulnerabilities
Vulnerability exposure should be the first consideration in your organisation’s security strategy, as without it, everything else you have in place won’t protect you. Layered security is important to have in front of your critical business systems, though should not be completely relied upon to prevent a breach. Securing systems at the source by maintaining vulnerabilities is equally, if not more of a priority.
If we were to analogise, securing your infrastructure and web applications without regularly monitoring and maintaining your vulnerabilities would be like building a moat around your house and then leaving all the windows and doors open. Should somebody one day find a way across the moat, they are gifted easy access.
The most efficient and cost-effective way to achieve this is through on-demand vulnerability scanning, as opposed to traditional one-off assessments. We recommend V-Scan, powered by AppCheck as a platform that enables you to manage your vulnerability exposure on an ongoing basis.
See how V-Scan can help your organisation by visiting our webpage.