Critical cyber threat: secure your IT system as soon as possible

16 December 2021 / Insight posted in Article

Reports are coming in of a newly detected weakness, or vulnerability, in software that most organisations around the world use. As the vulnerability is so widely known, cyber criminals are already scanning for it across the globe and seeking out organisations that are exposed.

The software is Java and the vulnerability is in the Log4j package developed by the Apache Foundation.

Reuters reports: “The Apache Log4j Remote Code Execution Vulnerability is the single biggest, most critical vulnerability of the last decade,” said Amit Yoran, chief executive of Tenable, a network security firm, and the founding director of the U.S. Computer Emergency Readiness Team. Read full insight.

Urgent action needed

The government organisation the National Cyber Security Centre publishes this security threat as high, therefore we advise you to:

  • Contact your IT team or IT provider. They will understand the jargon if you don’t.
  • Get them to check whether your organisation uses Java along with the Log4j package.
  • Ensure they apply security patches as soon as possible.
  • Contact us at Moore ClearComm if you require immediate support.

What is the threat?

The vulnerability has the potential to enable cyber criminals and attackers to access your IT systems. This would allow them to deploy cyberattacks on your organisation, such as ransomware, viruses and even bitcoin mining activity. This is a global exposure, and we advise you to review your organisation’s cyber defences and take steps to mitigate the risk.

This vulnerability is likely to be present in many organisations in some way, especially where server infrastructure is internet facing.

What is Log4j?

Log4j 2 is an open-source Java logging library developed by the Apache Foundation. It is widely used in many applications and is present in many services as a dependency.

This includes enterprise applications, including custom applications developed within an organisation, as well as numerous cloud services.

The Log4j 2 library is frequently used in enterprise Java software and is part of Apache frameworks including:

  • Apache Struts
  • Apache Solr
  • Apache Druid
  • Apache Flink
  • ElasticSearch
  • Flume
  • Apache Dubbo
  • Logstash
  • Kafka
  • Spring-Boot-starter-log4j2

Other large projects including Netty, MyBatis and the Spring Framework also use the library.

Peace of mind

To protect your organisation properly, we recommend you acquire Cyber Essentials certification which has numerous benefits.

Moore ClearComm provides a wide range of data protection and cyber security consultancy services, designed to secure your organisation and support your compliance with data protection legislation.

To speak to one of our specialist advisers, contact us today.

Telephone: 020 7566 4000