The Log4j flaw ranks among the most widespread and high-profile cybersecurity vulnerabilities. It’s likely to remain a challenge for months, if not years.

Many vulnerabilities go unnoticed by the general public, but this one is making headlines on CNN, so it’s something that company executives and directors will be asking about.

Industrial organizations should address this new threat now to protect their plant-floor assets from malware that could expose sensitive data, interrupt operations and sap system resources. Early reports indicate that malicious actors are using the vulnerability, in some cases, to force targeted systems to serve as cryptocurrency mining machines.

“With one line of code, this vulnerability can allow someone to remotely introduce malware into your network environment.”

Industrial organizations need to implement a strategy that starts with patching where possible, but then goes far beyond that.”

– Scott Christensen, GrayMatter’s Cybersecurity Practice Director

Why It’s So Widespread

Log4j is a simple, open-source Java library tool maintained by The Apache Software Foundation. It’s designed to log error messages.

Java is ubiquitous. It has been around since 1995 and remains among the most popular programming languages in the world. The flaw allows a malicious actor to turn the error-logging tool into an open door to a target’s network, where the actor would be able to remotely execute code and take over control of a vulnerable system.

What You Can Do

You or your team are probably already doing some of these things, and you’ve probably read plenty about the Log4j vulnerability.

The four strategies below are intended to reinforce and amplify the best practices you already have in place. Below that are some additional resources from GrayMatter and GrayMatter partners who specialize in helping secure OT environments in water/wastewater, food and beverage, oil and gas, iron and steel production, energy, CPG and many other types of manufacturing.

1. Patch Where You Can

Software companies worldwide are releasing patches to eliminate the Log4j vulnerability.

But patching only prevents your system from being attacked again. It doesn’t remove malware that an attack might have already delivered.

It’s also wise to document who installed a patch, as an attacker could install a patch to cover their tracks.

2. Identify Non-Patchable Assets

Once you’ve identified assets that can’t be patched, monitor them for unusual network activity or behaviors such as abnormal database access requests, file changes and decreased network performance.

3. Implement Continuous Monitoring Strategy

Make sure you have external compensating controls in place around your systems whether or not they’ve been patched.

This can be a combination of firewall, alerting and incident response policies that heighten your organization’s overall security.

4. Evaluate Defense-in-Depth Strategy

This incident shows why a layered approach to cybersecurity is critical.

The Log4j flaw can compromise firewalls because firewalls are just like any other computer asset. That’s why a firewall must not be a single point of failure.

Contact GrayMatter to:

• Conduct an OT Cybersecurity Assessment

• Try a Free Log4j Vulnerability Scanning Tool from our partner Tenable

• Examine and Remediate Firewall Policies

• Assess System Access Controls

• Expand Use of Network Monitoring Tools

Additional Resources

*New: LOG4j Vulnerability Guide

GrayMatter’s OT Cybersecurity Portfolio

Defense-in-Depth Strategy Webinar Series

What’s in a GrayMatter Cyber Briefing

FortiGuard Outbreak Alert

Web app scanning from Tenable – Contact GrayMatter for free trial

Apache Log4j2 – The Apache Software Foundation