Security expert insights: Log4j endemic vulnerability

These layers are intended to help catch, quarantine, and clean up any security incident.

Network cables plugged into a server. — © Michael Bocchieri/AFP/Getty Images

The U.S. Department of Homeland Security’s Cyber Safety Review Board has reported on Log4j becoming an endemic vulnerability. Log4j is used by developers to keep track of what happens in their software applications or online services.

However, the software has a flaw. The Log4j issue allows attackers to execute code remotely on a target computer, which could let them steal data, install malware or take control. For instance, exploits discovered recently include hacking systems to mine cryptocurrency.

Weighing in on this subject matter for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.

Stephan Chenette explains the impact of this threat upon IT systems around the world and in the U.S.: “Log4j has strained normal security operations and teams, and in December 2021 led the U.S. Cybersecurity and Infrastructure Agency (CISA) to release guidance and an emergency directive requiring government agencies to patch the vulnerability and urging the private sector to do the same.”

Despite a higher profile, the issue has not gone away, as Chenette points out: “Still, today attackers are continuing to exploit exposed Log4j vulnerabilities to get a foothold into unsuspecting organizations, then use that foothold to campaign an attack.”

There are measures that can be taken, and lessons that can be drawn from the practices of the leading firms, notes Chenette: “That is why organizations must prioritize the vulnerabilities that matter most and elevate their security performance through continuous testing, using the MITRE ATT&CK Framework as a basis.”

A combination approach to cybersecurity is what is needed, says Chenette, noting: “Offensive defense using attack simulations gives enterprises the visibility of potential protection failures before attackers can capitalize on them.”

This leads to the recommendation: “Organizations should have a layered defensive security program that is inclusive of appropriate security architecture, logical boundaries, segmentation, endpoint hardening, isolation, containerization security, network and endpoint surveillance, and most importantly, tested detection and incident response processes.”

Chenette adds that the benefits of this are: “These layers are intended to help catch, quarantine, and clean up any security incident that may take place before the real damage is done. Organizations should implement continuous security validation (CSV) systems to assess the viability of their layered security platform layers to make sure that they are enabled, configured and operating correctly.”

As a final recommendation to address the vulnerability, Chenette adds: “By proactively identifying security vulnerabilities, companies reduce the probability of a vulnerability being exploited.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
