The Log4j Zero Day Vulnerability: How To Protect Your Business


We’ve been waiting for something to break through the doom and gloom news around the Omicron variant – but this wasn’t what we had in mind. The Log4j Zero-Day Vulnerability is a real threat to your organization’s cyber security. Here’s what you need to know.

What is Log4j?

Apache Log4j is an open source library of Java code used by other software to log activities and events on websites, servers, computers or other devices. This includes Google, Apple, LinkedIn, Twitter, Amazon and other tech titans.

The Log4j vulnerability is actually not one, but a set of four zero-day vulnerabilities. The number of vulnerabilities isn’t as important as their severity, and two of the Log4j cyber security risks are at the top of the charts, with Common Vulnerability Scoring System (CVSS) scores of 10/10 and 9/10. Well-known cybersecurity expert Amit Yoran, chief executive of network security firm Tenable and the founding director of the U.S. Computer Emergency Readiness Team (CERT), said: “The Apache Log4j Remote Code Execution Vulnerability is the single biggest, most critical vulnerability of the last decade.”

Why is Log4j so dangerous?

The Log4j vulnerabilities allow an attacker to inject malicious code into a system and have it run there, which is called remote code execution (RCE). Any publicly accessible system using an unpatched version of Log4j (websites, for example) is at high risk because threat actors could exfiltrate data and/or deploy malware. There are four factors that make the Log4j vulnerabilities especially dangerous:

  • It is (almost) everywhere. Log4j is used in a LOT of software and systems. W3Techs estimates that 31.5 percent of websites use Apache, and BuiltWith reports that more than 52 million sites use it. If most vulnerabilities are the equivalent of stepping into the shower, Log4j is a monsoon.
  • It’s not easy to tell if you have it. Forget about determining whether your Log4j vulnerability has been exploited; it’s not even easy to know if you are using Log4j on your system. It’s packaged inside other components and likely won’t show up on a list of specifications.
  • Your child could exploit this vulnerability. That’s not an exaggeration – it’s a simple cut and paste of code, and little to no technical knowledge is needed.
  • It bypasses authentication. The logger can interpret a text-based log message as a URL from which malicious code can be retrieved and executed.
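
The second factor above is why a software inventory alone is not enough: Log4j often sits inside a jar that is itself inside another archive. The scanner below is an added example, not code from the original post; it walks nested archives looking for the class file that implements Log4j's JNDI lookup and reports the Maven-recorded version where present. The sample WAR and its file names are constructed, and copies whose package names were relocated by a shading tool are not detected.

```python
import io
import zipfile

# Class implementing the JNDI lookup in log4j-core; present even if the jar was renamed.
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 5  # stop descending into pathologically nested archives

def _version(archive):
    """Maven-recorded version, or 'unknown' when the metadata was stripped."""
    if POM in archive.namelist():
        for line in archive.read(POM).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    return "unknown"

def find_log4j(data, label, depth=0):
    """Return (path, version) for each archive level that contains the lookup class."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not an archive, or corrupt: nothing to report
    hits = []
    with archive:
        for name in archive.namelist():
            if name == MARKER or name.endswith("/" + MARKER):
                hits.append((label, _version(archive)))
            elif name.lower().endswith(ARCHIVES) and depth < MAX_DEPTH:
                hits += find_log4j(archive.read(name), f"{label}!{name}", depth + 1)
    return hits

def _zip(entries):
    """Build an in-memory archive from {name: bytes} for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()

# Constructed sample: a WAR whose vendor jar bundles a renamed copy of log4j-core.
HIDDEN = _zip({MARKER: b"\xca\xfe\xba\xbe", POM: b"version=0.0.0-sample\n"})
CLEAN = _zip({"com/example/Util.class": b"\xca\xfe\xba\xbe"})
VENDOR = _zip({"lib/logging-shim.jar": HIDDEN, "com/vendor/Sdk.class": b""})
SAMPLE_WAR = _zip({"WEB-INF/lib/vendor-sdk.jar": VENDOR, "WEB-INF/lib/util.jar": CLEAN})

if __name__ == "__main__":
    for path, version in find_log4j(SAMPLE_WAR, "app.war"):
        print(f"log4j-core {version} found in {path}")
```

To scan a real file, pass its bytes and name, for example `find_log4j(open(p, "rb").read(), p)`; a reported version still has to be compared against the vendor's patched release.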

What does the Log4j exploit do?

Because it allows for RCE, the code injected into your system can do pretty much anything the attacker wants it to. There have been reports of the vulnerability being used to load bitcoin mining software onto servers or even launch ransomware. Stay tuned and we will keep you posted on future developments.

Is my system at risk?

Assume it is. After all, with a vulnerability this widespread, chances are you have at least one product or service that uses an Apache Log4j library. Services using Java components are impacted (Java, not JavaScript – that’s a different animal). Exploits are less likely behind your firewall, but still possible. The bulk of the risk is for any services directly exposed to the internet.

Intrust clients don’t need to guess. We are proactively scanning your environment to find any Log4j instances or vulnerabilities. As we do with all cyber security risks, we’ll work with your leadership and our technical experts to determine the appropriate mitigation steps for each case.

Is the Intrust IT stack impacted?

The Intrust application stack is continuously monitored and patched. There is no current risk of Log4j vulnerabilities.

How can I protect my business?

The industry has been working around the clock to develop and release patches to eliminate Log4j vulnerabilities in their products and services. Many patches have been released and more are in progress. For an idea of the scope, check out this running list on GitHub. The most important thing you can do for your business is to monitor for these releases and implement them as soon as they become available.

It is also important to make sure you have a solid IT infrastructure and cyber security system in place to identify and mitigate any risks that arise. The Log4j vulnerabilities aren’t new – it’s just that someone recently found a way to exploit them. Like most zero-day vulnerabilities, they have been out there for years – unknown until someone found a way to exploit them.

Intrust IT customers with questions or concerns should contact their Client Success Manager or open a support ticket.

Not an Intrust client? Having the right IT partner can take these issues (and the worry that goes with them) off your plate. To learn about our managed IT and cyber security solutions, contact us or book a meeting.

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.
