Search

Log4Shell Cyber Threat: BreachBits Response & Integration

Details of a new threat to hundreds of software vendors was made public that could allow attackers to easily gain access to millions of affected systems across the Internet. Results vary widely: this could disrupt critical business functions, expose organizations to data loss or ransomware threats, or it might not have a significant impact. As a part of our continuous service to help businesses stay ahead of attackers, BreachBits has analyzed this threat and has developed detection and testing capabilities for immediate integration in our BreachRisk™ service.


Exploiting Log4Shell in vulnerable exposed software is trivial for attackers, requiring very little technical skill...

Background

On December 10, 2021, details of how attackers can exploit this zero-day vulnerability, dubbed Log4Shell, in Apache’s Log4j software library was publicly announced.


Apache’s Log4j software library is used many commercial software products in the market today, and makes it easy and efficient for developers of these products to collect, manage and process the logs that these software products produce to help understand how the software is performing.


The vulnerability can affect each of the software products that use the Log4j library, but individual software vendors are still racing to understand the full impact of this threat. Exploitation of the vulnerability may have been occurred as early as December 2nd, but the speed and scope of attackers searching for affected systems is growing quickly. The threat is being tracked by the National Vulnerability Database as CVE-2021-44228, with the highest severity score possible of 10.0.


As a part of our continuous process, BreachBits has analyzed this threat and is developing detection and testing capability for immediate integration in our BreachRisk™ service.

Exploiting Log4Shell in vulnerable exposed software is trivial for attackers, requiring very little technical skill and allowing unauthenticated access to vulnerable hosts, where attackers can access exposed data or pivot to internal networks. The ease of this attack will likely lead to adoption by ransomware threat groups in the coming weeks or months.


What we are doing

We provide our BreachRisk™ for Business and BreachRisk™ Portfolio customers continuous threat detection and testing services for threats just like Log4Shell. Our job is to answer these questions for our clients:

  • "Does this threat affect me?"

  • "If so, where am I affected?"

  • "How does this affect my overall cyber risk profile (i.e. my BreachRisk Score)?"

  • "Where does this threat stack up against other ongoing cyber threats?"

  • "How will I know when the situation is handled?"

As a part of our routine process, we have worked tirelessly since the announcement of Log4Shell to integrate capabilities to match this threat. Our automation and A.I.-based systems are designed to accept rapid development for threats such as these. We don't just report technical data, we put the threat into context using BreachRisk™ Score and BreachRisk™ Report.


As details of affected software products continue to become available, BreachBits will also continue to update and refine our BreachRisk™ solutions to identify exposed vulnerable software. BreachBits will continue to initiate new BreachRisk™ assessment cycles for customers when new affected software is released publicly to help our customers stay ahead of attackers.


What You Should Do

If you are a BreachRisk™ customer, we are already helping your team do these things and you should review this list. If you are not a BreachRisk™ customer, you should do the following:

  1. Identify if the threat is present on your systems.

  2. Pinpoint where you are affected.

  3. Consider how your business would be impacted if the affected element were to be shut down, breached, or taken over by an attacker.

  4. Determine if this risk is significant enough to divert resources from other efforts, and make a decision to attempt a fix or not.

  5. If you attempt to fix, follow up to verify the fix was applied. You may need to repeat this cycle as more information emerges.

According to the Microsoft Security Response Center, one initial technical fix involves updating the Apache logging library (Log4j) to v2.15.0+, but our initial efforts indicate that this might not fix all concerns. Now that the vulnerability is public, be on the lookout for further guidance from software developers and security firms.


What We've Told Our Clients

We have integrated early detection and testing methods for all clients. Here is the notice we have sent to all existing clients so they are reminded of the process. We believe this helps our clients avoid panic, quickly understand risk, and quickly make efficient business decisions related to their specific situation.


What's Next

We are already searching for and testing the attack surfaces of our clients for this threat. BreachBits will continue to monitor the situation and update the Log4Shell threat vector identification capabilities into our continuous monitoring and testing solutions. As BreachBits discovers vulnerable hosts, we will reach out to the affected customers to notify and provide support as required.

Now that the vulnerability is public, be on the lookout for further guidance from software developers and security firms.

Due to the nature of our technology, our AutoIntelligent Persistent Threat Engine can easily check for this threat across hundreds of thousands of clients for decades to come.