Do you have a question? Want to learn more about our products and solutions, the latest career opportunities, or our events? We're here to help. Get in touch with us.
Do you have a question? Want to learn more about our products and solutions, the latest career opportunities, or our events? We're here to help. Get in touch with us.
We've received your message. One of our experts will be in touch with you soon.
Gaps in security and weaknesses are what threat actors feed off, and the latest vulnerability to catch their attention is in Apache Log4j, making it possible for a remote attacker to take control of an affected system.
With the number and severity of cyber-attacks on the increase, the latest news of the Apache Log4j vulnerability is yet another reminder that being alert and responsive is the key to cybersecurity – and the only way to protect your business and your people.
So far only a handful of organisations have identified that the weakness is being exploited, but companies need to act now to implement the patch that has been provided to minimise their risk of exposure.
In laymen terms, Apache Log4j is the glue that many applications rely on to translate activity to other applications. It is deeply embedded within applications and operating systems so, while the name may not be widely recognised by customers, it is integral to some very important business operations across all industries.
In the normal course of things, you wouldn’t need to know about Apache Log4j - just like you don’t typically need to know anything about the glue your builder uses - but that glue now has a demonstrated weakness, and we need to understand and fix it.
A hacker injects malicious code string into the environment that will eventually get logged by Log4j. This exploitation of the system lets an attacker load arbitrary Java code on a server, allowing them to take full control of that device at some later point in time.
Once a malicious actor has obtained control, your world becomes their oyster. The open door provides access to your infrastructure, your people, your customers, and potentially their personally identifiable information (PII).
Apache rates this vulnerability as “critical” in severity and have advised users to apply patches and mitigations as they are published.
The most critical step is to act now.
Our teams are recommending that all organisations take a risk-based approach and focus on those systems that are accessible to the internet in the first place. Your internal systems may also be vulnerable to attack under certain scenarios.
Practical steps your organisation should take today:
We know this is far from a one-off incident and new attacks are emerging more frequently. The best way your organisation can protect itself is to be proactive about your security practices and to stay informed and alert to new threats.
Here are some practices you need to maintain:
Right now, our Datacom cybersecurity and support teams are actively monitoring customer environments and taking proactive steps to manage and minimise the Apache Log4j threat. We’re encouraging any organisation that has concerns or requires assistance, to reach out for help. Our goal is to keep organisations safe and secure. Which is why we want all organisations, regardless of whether they are our customers or not, to take proactive steps to protect themselves.
Looking beyond Apache, it’s important that all organisations remember that cybersecurity is not a set and forget exercise. New threats are constantly emerging and cybersecurity is an issue that requires your organisation’s ongoing attention.