On December 10, a cybersecurity vulnerability was discovered in a widely used logging package for Java. This vulnerability is considered very dangerous for organizations because the package is embedded in many different software products and even in some hardware. If a cyberattacker were to exploit this vulnerability, they could execute code on your servers, which can lead to a full system compromise.
We’ve distilled a few of the most important points about this vulnerability along with what you can do to protect yourself from future vulnerabilities, even if this particular vulnerability doesn’t directly affect you.
Java Log Utility Vulnerability Facts
- This is a serious vulnerability because many applications use the logging package: While a logging package sounds like an obscure technical component, so many software packages (and some hardware products) depend on this one that the vulnerability reaches far beyond a single application.
- Hackers could exploit this vulnerability to compromise your systems: This means a cyberattacker could install malware, corrupt or delete your data, or create a new account that they can use to access your systems.
- Cybercriminals are already exploiting this vulnerability: Threat intelligence reports indicate that cyberattackers are already performing wide internet scans looking for vulnerable servers to exploit.
Zero-day vulnerabilities such as this one show the importance of having a cybersecurity strategy that lets you respond nearly instantaneously to such threats before hackers strike. Because these vulnerabilities can seem to come out of nowhere, you don’t want to panic. How can you protect against an unknown threat? There are a few ways.
- Deploy Endpoint Detection and Response (EDR) in your environment: This tool is focused on a single “endpoint device” (such as a server or computer). In this case, the presence of EDR could stop malicious code from executing on the system even if the vulnerability exists. EDR should not be considered a replacement for patching known issues, but it can buy critical time during zero-day scenarios.
- Be ready to identify impacted systems: With this particular vulnerability, identifying impacted systems became more of a challenge due to the way that the logging software is embedded in such a variety of applications. It helps if you have inventories of your applications (including version numbers) so that you are ready to apply patches when they are available.
- Be ready to shut down services impacted by a vulnerability: Because a lot of information gathering needs to take place early on, it sometimes helps to shut down an impacted service until you understand more about the vulnerability.
- Have IT professionals work with vendors to apply patches: In this situation, there wasn’t one patch that could easily be applied to all affected systems. IT professionals with cybersecurity and vendor management experience are needed to help patch complex vulnerabilities.
- Apply the Principle of Least Privilege to all systems and services: Setting access and authorization policies—such as the concept of “least privilege”—will help you restrict data access to only those with a need to use that data. Otherwise, there is a higher likelihood of a cyberattacker gaining access to your systems as an administrator.
- Limit access from the Internet: Most systems do not need to be accessible from the Internet. Organizations sometimes take shortcuts to make it “easy” for employees to access services. Systems should be placed behind a VPN wherever possible. If it is absolutely necessary for a system to be internet-facing, it needs to be placed in a demilitarized zone (DMZ) to contain a potential breach.
- Conduct regular security scans: Security scanning helps identify vulnerabilities and holes that you can then fix.
VC3 continues to invest in tools and resources to minimize the risk of zero-day vulnerabilities impacting organizations. As cyber threats continue to evolve, we continue to work diligently to stay ahead of the cyberattackers and provide tools that are consistent with industry best-practice guidance.
If you have any questions about this vulnerability or want to talk about your cybersecurity needs in an ever-changing, ever-evolving environment, reach out to us through the form below.