On the front foot with the Log4Shell vulnerability
The Log4Shell vulnerability was headline news around the world towards the end of 2021. According to some experts, it represented the most serious security flaw they had ever seen.
The vulnerability was discovered in the Log4j Java-based logging utility, a near-ubiquitous software logging library that records numerous activities that go on under the hood in a wide range of computer systems. Compounding the severity of the vulnerability was how easily attackers could exploit it. To date, there have been thousands of exploitation attempts.
The vulnerability could allow attackers to execute commands on application servers and, as a result, get access to secure systems and take control, plant malware or destroy server environments. It could also allow attackers to steal email addresses, usernames and passwords from secure servers.
Breaches like these are of particular concern to not-for-profits, which typically hold a large volume of personal and/or sensitive data, including clients’ personal information and, in some cases, medical or casework records.
How we responded to the Log4Shell threat
The Infoxchange IT Services team sprang into action as soon as the Log4Shell threat was announced.
Our engineers started by monitoring and scanning servers and client workstations, then carried out a deep review of managed client infrastructure for any potential risk exposure. We updated Ubiquiti UniFi controllers with two successive Ubiquiti patches, implemented FortiGate-provided rulesets on routers and addressed vulnerable utilities identified on servers and workstations under our management.
We provided our clients with essential information and an action plan to follow, detailing general risks and highlighting the team’s actions to mitigate potential threats.
Our team also detected exposure points through third-party applications on client systems and contacted the affected clients to let them know of the issue. These clients were advised to contact their application providers and request urgent updates to avoid any vulnerabilities.
Security is the top priority when serving our customers
We take threats such as this incredibly seriously, and through our proactive actions and communications, we were able to take steps to protect our customers before many of them even became aware of Log4Shell.
To read more about the Log4Shell vulnerability and some steps to mitigate its implications, see 2021-007: Log4j vulnerability – advice and mitigations from the Australian Centre for Cyber Security.