About the Threat
On December 9th, the most critical zero-day exploit in recent years was discovered affecting most of the biggest enterprise companies impacting the Apache Log4j Java-based logging library. This vulnerability is also known as CVE-2021-44228 which has a CVSS (Common Vulnerability Scoring System) score of 10, which is the highest risk possible; the exploitation will allow a remote and unauthenticated threat actor to take control of systems with vulnerable versions of Apache Log4j.
Actions Being Taken by Difenda
- Difenda is conducting threat hunting activities in effort to identify exploit patterns. As additional intelligence is discovered these hunts are being enhanced and replayed to ensure we are providing up-to-date detections.
- Difenda SecOps and RIR teams are working around the clock to stay on top of the emerging Log4j attacks worldwide, as this is an evolving situation.
- At the time of this reporting, Difenda has not identified an impact to our products. However, our teams are thoroughly reviewing systems and will be taking appropriate action as needed. We will provide additional updates here on new information and protection details as it becomes available. Further guidance will be provided as we continue to learn more from our investigations.
Mitigation or Remediation Actions You Can Take
- It is critical to determine where the Apache Log4j software may be in use within your environment and apply the patch by updating to version 2.15.0 immediately on these systems.
- If patching is not possible at this time, there are several workarounds available to help mitigate the potential impact of this vulnerability.
- Microsoft has documented several workarounds available for most Log4j deployments, as well as mitigations applicable to Microsoft technologies that are leveraging these features. Details from Microsoft can be found at the link below:
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Ensure all firewall and IPS system systems in-place are up-to-date with the latest detection signatures, and are configured appropriately to block these events when detected.
- Follow and review vendor advisories as many 3rd party software vendors also utilize the Log4j application within their software and services.
- If you believe your system may have been compromised or otherwise affected by this vulnerability, please contact the Difenda team immediately.
About Difenda
Difenda is a privately held SecOps-as-a-Service company founded in 2008. It delivers 24/7/365 security operations backed by modernized PCI, SOC 2 Type II, and ISO 27001 certified Cyber Command Centers (C3). Difenda’s managed practice is powered solely on the Microsoft Security product platform and it holds the Gold Security Service Provider certification and an Advanced Specialization in Threat Protection with Microsoft. Alongside a fully integrated, modular platform, it provides a range of advisory and offensive security services to complement customer driven outcomes.