Decrypted | Insights from Virtru to Unlock New Ideas

What Is Log4j, and What's Next?

Written by Editorial Team | Dec 29, 2021 10:55:37 PM

Following the Log4j vulnerability, organizations across industries have been working quickly to patch their software and take stock of whether their networks and data have been compromised. In the wake of Log4j, it’s urgent that organizations quickly take action to safeguard their most sensitive information, both in transit, in use, and at rest — whether that’s intellectual property, customer data, or regulated information such as ITAR, HIPAA, or CJIS data.

Log4j: What happened?

Because Log4j is so widely used, it’s important to understand exactly what the vulnerability is, how many organizations are affected, and why it’s so noteworthy.

What is Log4j?

Log4j is a hugely popular piece of open source code that is commonly used by more than 12 million Java developers as they work to build millions of software applications that underpin core business functions in every conceivable industry.

What happened to Log4j?

On December 9, 2021, a new vulnerability was discovered in the Log4j open source library. In the weeks following, several other vulnerabilities came to light, followed by subsequent patches to address these vulnerabilities. At the time of writing, on December 29, 2021, the following had taken place:

  • December 9: Original vulnerability disclosed and first patch (2.15.0) was made available
  • December 14: Second vulnerability disclosed and second patch (2.16.0) was made available
  • December 18: Third vulnerability disclosed and third patch (2.17.0) was made available
  • December 28: Fourth vulnerability disclosed and fourth patch (2.17.1) was made available

Why is the Log4j vulnerability so dangerous?

As CISA director Jen Easterly said, “Log4j is the biggest security crisis in the history of the internet.” Why is this true? There are three simple reasons: it’s ubiquitous, it’s severe, and it’s simple to exploit.

  • Ubiquity: The vulnerable Log4j code is embedded in millions of software applications.
  • Severity: The Log4j vulnerability is classified as a Remote Code Execution (RCE) flaw, making it the most dangerous type of software bug there is. RCE vulns allow a malicious actor to do whatever they want and execute any code of their choice on a remote machine over the internet.
  • Simplicity: The Log4j vulnerability is remarkably simple to exploit, which, combined with its ubiquity and severity, make it a significant threat to organizations of all sizes and across all industries.

Has Log4j been implicated in any breaches?

  • Confirmed: Thus far, Log4j has been acknowledged as the exploit path in one high-profile breach at the Belgium Defense Ministry.
  • Suspected: Log4j is suspected, but not yet confirmed, as the exploit path associated with several other large-scale ransomware attacks, including Kronos and Brazil Ministry for Health.
  • Expected: Numerous indicators suggest that Log4j will be implicated again and again in the coming weeks, months, and even years. Nick Biasini, Head of Research at Cisco Talos, said, “It’s only a matter of time before we see more ransomware attacks due to Log4j.”

What’s next?

Once organizations have taken the immediate action of patching their software applications, it’s important to take a broader assessment of data across the organization, and whether it’s well-protected enough to withstand other vulnerabilities or breaches in the future.

How can organizations mitigate Log4j risk?

Due to the Log4j zero-day crisis, the world is now guaranteed to experience a significant increase in ransomware and cyber crime aimed at stealing sensitive data. Microsoft researchers report that they have seen hackers exploit the vulnerability to install crypto-miners, steal passwords and logins, and exfiltrate and ransom data. In light of this sobering reality, there are four steps that organizations can take to mitigate risks:

  • Keep eyes open for signs of breach (Extended Detection & Response, or XDR)
  • Update network config and firewall rules (Web Application Firewalls, or WAFs)
  • Patch vulnerable libs in production apps (Software Bill of Materials, or SBOM; and Software Composition Analysis, or SCA)
  • Encrypt sensitive data everywhere it moves (Trusted Data Format (TDF), equipped by Virtru)

What’s the fastest and best way to protect sensitive data from Log4j risk?

The highest priority for every organization should be to encrypt their most sensitive data as quickly as possible. Should firewalls or other network protections fail, encryption at the data level helps ensure that your most important assets remain protected, regardless of the environment where that data travels.

Data-level encryption — wrapping each individual file or data element in its own layer of protection — provides confidence that, even if the network where the data travels is compromised, the data itself remains inaccessible by a malicious third party without the keys to access it. Virtru’s Trusted Data Format (TDF) provides end-to-end encryption that travels with the data, at all times — even after it’s shared — and gives the data owner complete control over that information, wherever it travels. This includes the ability to revoke data access or change access privileges at any time.

What’s the fastest and best way to encrypt sensitive data?

Virtru is. With quick deployments and encryption capabilities that span across your software ecosystem (including Google Cloud, Microsoft 365, and SaaS apps such as Salesforce), we stand ready to help your organization quickly and strategically deploy encryption to safeguard your most vital asset — your data.

Discover how your organization can bolster confidence and breach readiness with Virtru’s end-to-end, data-centric encryption. Contact Virtru today to start the conversation.