The U.S. Department of Homeland Security’s Cyber Safety Review Board has reported on Log4j becoming an endemic vulnerability. Log4j is a logging library that developers use to keep track of what happens in their software applications or online services.
However, the library has a flaw: the Log4j vulnerability allows attackers to execute code remotely on a target machine, which could let them steal data, install malware, or take control of the system. For instance, recently discovered exploits include compromising systems to mine cryptocurrency.
Weighing in on this subject matter for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.
Stephan Chenette explains the impact of this threat on IT systems around the world and in the U.S.: “Log4j has strained normal security operations and teams, and in December 2021 led the U.S. Cybersecurity and Infrastructure Agency (CISA) to release guidance and an emergency directive requiring government agencies to patch the vulnerability and urging the private sector to do the same.”
Despite a higher profile, the issue has not gone away, as Chenette points out: “Still, today attackers are continuing to exploit exposed Log4j vulnerabilities to get a foothold into unsuspecting organizations, then use that foothold to campaign an attack.”
There are measures that can be taken, and lessons can be drawn from the practices of leading firms, notes Chenette: “That is why organizations must prioritize the vulnerabilities that matter most and elevate their security performance through continuous testing, using the MITRE ATT&CK Framework as a basis.”
A combined approach to cybersecurity is what is needed, says Chenette, noting: “Offensive defense using attack simulations gives enterprises the visibility of potential protection failures before attackers can capitalize on them.”
This leads to the recommendation: “Organizations should have a layered defensive security program that is inclusive of appropriate security architecture, logical boundaries, segmentation, endpoint hardening, isolation, containerization security, network and endpoint surveillance, and most importantly, tested detection and incident response processes.”
Chenette adds that the benefits of this are: “These layers are intended to help catch, quarantine, and clean up any security incident that may take place before the real damage is done. Organizations should implement continuous security validation (CSV) systems to assess the viability of their layered security platform layers to make sure that they are enabled, configured and operating correctly.”
As a final recommendation to address the vulnerability, Chenette adds: “By proactively identifying security vulnerabilities, companies reduce the probability of a vulnerability being exploited.”
