Security
Vulnerability in Log4J: the National Cyber Security Center (NCSC) rings the alarm bell

Vulnerability in Log4J: the National Cyber Security Center (NCSC) rings the alarm bell

What is Log4j and are you affected?

There is a major security risk for businesses due to a serious vulnerability in Apache Log4j. That is the piece of software used in web applications and systems that run with Java. The piece of software takes care of logging data. Chances are, companies are using it unknowingly. Because it has been used around the world for 20 years, the risk occurs internationally and has a huge impact. The vulnerability came to light on Friday, the 10th of December 2021 with the name Log4Shell or CVE-2021-44228. A few months ago, we thought the Hafnium Hack had the biggest impact. This incident proves otherwise.

A small application with a big impact

According to the NCSC, on a scale of 1 to 10, the impact would be rated a score of 10. So the impact is enormous and that became clear when it was announced that the Belgian Ministry of Defense had fallen victim to the Log4j vulnerability. Part of the network was down for several days and mail traffic was also disrupted. This cyber incident is causing international concern. Who will be the next victim and how big will the final impact be? 

The approach of the hackers

Through the vulnerability, they are able to remotely inject code and then execute it. This is possible because they use permissions within Java. Hackers are currently taking full advantage to install coin miners and malware, among other things. That’ s not the end of it. State hackers are aware of the leak. Charming Kitten, a hacker group with connections to Iran, used the log4j vulnerability to attack Israeli government sites.

What can you do to protect your business?

The best advice we can give is to make sure the latest patches are installed to fix the vulnerability. Not sure if your systems are using Log4j? Then be sure to discuss it with your software vendor or Managed Service Provider.

We recognize the need for strong security in a modern workplace. That’s why we value proactivity to mitigate risks. At Safe-Connect, we took immediate action by updating our customers’ systems and then notifying them.

If you have any further questions regarding the Log4j incident or would like to get assurance about your system, please feel free to contact us. We will be happy to help you.

Contact us