The Log4j flaw ranks among the most widespread and high-profile cybersecurity vulnerabilities. It’s likely to remain a challenge for months, if not years.
Many vulnerabilities go unnoticed by the general public, but this one is making headlines on CNN, so it’s something that company executives and directors will be asking about.
Industrial organizations should address this new threat now to protect their plant-floor assets from malware that could expose sensitive data, interrupt operations and sap system resources. Early reports indicate that malicious actors are using the vulnerability, in some cases, to force targeted systems to serve as cryptocurrency mining machines.
“With one line of code, this vulnerability can allow someone to remotely introduce malware into your network environment. Industrial organizations need to implement a strategy that starts with patching where possible, but then goes far beyond that.” – Scott Christensen, GrayMatter’s Cybersecurity Practice Director
Log4j is a simple, open-source Java logging library maintained by The Apache Software Foundation. It’s designed to log error messages.
Java is ubiquitous. It has been around since 1995 and remains among the most popular programming languages in the world. The flaw allows a malicious actor to turn the error-logging tool into an open door to a target’s network, where the actor can remotely execute code and take control of a vulnerable system.
You or your team are probably already doing some of these things, and you’ve probably read plenty about the Log4j vulnerability.
The four strategies below are intended to reinforce and amplify the best practices you already have in place. Below that are some additional resources from GrayMatter and GrayMatter partners who specialize in helping secure OT environments in water/wastewater, food and beverage, oil and gas, iron and steel production, energy, CPG and many other types of manufacturing.
Software companies worldwide are releasing patches to eliminate the Log4j vulnerability.
But patching only prevents your system from being attacked again. It doesn’t remove malware that an attack might have already delivered.
It’s also wise to document who installed a patch, as an attacker could install a patch to cover their tracks.
Once you’ve identified assets that can’t be patched, monitor them for unusual network activity or behaviors such as abnormal database access requests, file changes and decreased network performance.
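Before you can patch, or decide which assets cannot be patched, you need an inventory of where Log4j actually lives. The script below is an added example, not GrayMatter's or Apache's code: it walks a directory tree, reads the `Implementation-Version` from each `log4j-core` jar's manifest (falling back to the file name), and flags anything below a threshold. The threshold value is a placeholder; take the fixed release for your Java line from Apache's Log4j security page.

```python
import io
import re
import zipfile
from pathlib import Path

# Placeholder threshold: set this to the fixed release for your Java line as
# published on Apache's Log4j security page (older maintenance lines have
# their own fixed versions, so one number does not fit every environment).
FIXED_VERSION = (2, 17, 1)

JAR_NAME = re.compile(r"^log4j-core-(\d+(?:\.\d+)*)\.jar$")

def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically."""
    return tuple(int(p) for p in text.split("."))

def version_from_manifest(data):
    """Read Implementation-Version from META-INF/MANIFEST.MF, or None."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        try:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            return None
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
    return parse_version(m.group(1)) if m else None

def assess_jar(name, data):
    """Return (version, needs_attention); manifest wins over file name."""
    version = version_from_manifest(data)
    if version is None:
        m = JAR_NAME.match(Path(name).name)
        version = parse_version(m.group(1)) if m else None
    if version is None:
        return None, True  # unknown version: treat as unverified, not safe
    return version, version < FIXED_VERSION

def scan_tree(root):
    """Report every log4j-core jar under root that is below FIXED_VERSION."""
    findings = []
    for path in Path(root).rglob("log4j-core-*.jar"):
        version, needs_attention = assess_jar(path.name, path.read_bytes())
        if needs_attention:
            findings.append((str(path), version))
    return findings

def make_sample_jar(version=None):
    """Constructed sample jar for offline testing; not a real Log4j build."""
    lines = ["Manifest-Version: 1.0"]
    if version:
        lines.append(f"Implementation-Version: {version}")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "\n".join(lines) + "\n")
    return buf.getvalue()
```

Jars embedded inside WAR or EAR archives, or repackaged into "fat" jars, are not unpacked by this scan, so treat its output as a starting inventory rather than a clean bill of health.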
Make sure you have external compensating controls in place around your systems whether or not they’ve been patched.
This can be a combination of firewall, alerting and incident response policies that heighten your organization’s overall security.
This incident shows why a layered approach to cybersecurity is critical.
The Log4j flaw can compromise firewalls because firewalls are just like any other computer asset. That’s why a firewall must not be a single point of failure.
New: Log4j Vulnerability Guide
GrayMatter’s OT Cybersecurity Portfolio
Defense-in-Depth Strategy Webinar Series
What’s in a GrayMatter Cyber Briefing
Web app scanning from Tenable – Contact GrayMatter for free trial
Apache Log4j2 – The Apache Software Foundation