Data Privacy & Security Digital Digest_Winter 2022

Log4J: What it is and why it matters

2021’s Biggest Cybersecurity Incidents & Breaches

What is Log4J?

“Log4j is an open-source logging framework that allows software developers to log various data within their application and it is part of the Apache Logging Services, a project of the Apache Software Foundation.” - Medium, Log4J for Dummies

What is the Log4J vulnerability?

The Log4J zero-day vulnerability, also known as Log4Shell and LogJam, was tracked as CVE-2021-44228 starting December 9, 2021 and was discovered by researchers on the Alibaba Cloud Security Team. The vulnerability was available for a week prior to discovery and allowed an attacker to “gain control of a computer with a single line of text.” It was easy to recreate, as demonstrated by John Hammond when he applied this exploit to Minecraft on his YouTube channel.

Why is the Log4J vulnerability such a big deal?

Because Log4J is used in countless applications and websites, the vulnerability was widely distributed. Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), has stated the Log4J security flaw is the “most serious security flaw” she has “seen in her decades-long career” and we may still be mitigating this vulnerability for “months, even years.” - CNBC Interview, December 16, 2021

What is the latest Log4j patch?

Multiple patches were released to address the Log4j vulnerability. The latest version is 2.17.1 and can be found on the Apache Log4j 2 page.

What mitigation resources are available?

CISA reacted quickly when this vulnerability was uncovered and created an Apache Log4j Vulnerability Guidance webpage that includes technical details, mitigation guidance, an ongoing list of impacted products and devices, detection rules and additional resources.

What K12 specific resources are available?

Participating RIC One Data Privacy and Security service subscribers can log in to riconedpss.org to access Digital Blast #196 - Log4Shell Zero-day Vulnerability, which includes multiple updates on Log4J. K12 SIX has also crowdsourced a Google Sheet to track the status of commonly used K12 software products.

7 High-Profile Cyber-Incidents in 2021

While it comes as no surprise that the most “impactful” incident of 2021 was the Log4j vulnerability, there were other significant cyber incidents that occurred last year that made our federal government take notice.

The Colonial Pipeline Attack

The US Colonial Pipeline attack last May disabled the 5500-mile pipeline and disrupted distribution of “millions of gallons of fuel and triggered temporary gas shortages across a large section of the US East Coast.”

Kaseya Supply Chain Attack

Early last July, customers that use Kaseya’s IT management software were ransomed after attackers exploited vulnerabilities in Kaseya’s Virtual System Administrator (VSA) technology.

Exchange Server (ProxyLogon) Attacks

Microsoft disclosed that a vulnerability was being exploited that gave attackers “unauthenticated remote access to Exchange Servers.”

PrintNightmare

PrintNightmare was the nightmare reminder of the inherent risk embedded in Microsoft’s Print Spooler technology. The vulnerability allowed attackers to “remotely execute malicious code on any system where the vulnerability was present.”

Accellion

This zero-day vulnerability impacted multiple countries around the world, including the US and Canada, and was found in Accellion’s “obsolete File Transfer Appliance Technology” that was used by many organizations to transfer large files, internally and externally.

Florida Water Utility Hack

This attack on a water treatment facility in Florida is a striking example of how critical infrastructure is vulnerable to cyber attacks. The attacker tried to ‘poison the well’ by raising the level of lye. Thankfully, the intrusion was discovered in time and the attacker was unsuccessful.

Read more about each of these attacks here: Dark Reading: 7 of the Most Impactful Cybersecurity Incidents of 2021

2021’s Biggest Data Breaches

ZDNet breaks down the biggest hacks and data breaches of 2021 month by month in their security publication “The biggest data breaches, hacks of 2021.” We already covered several of them (Log4j, Exchange, Kaseya), but there are other big hacks and breaches that made the list, such as JBS USA in June and Robinhood in November.

The Identity Theft Resource Center (ITRC) released their U.S. data breach findings in October 2021, and their analysis showed the number of data breaches executed by Q3 of 2021 exceeded the previous year’s (2020) totals by 17 percent. In addition, “cyberattack-related data compromises” increased by 27 percent, with “phishing and ransomware” as the “primary attack vectors.” You can access the full Identity Theft Resource Center 2021 Q3 Analysis using this link.

Data Privacy & Security Service, Issue 24
