On December 9th, 2021, the security community became aware of active exploitation attempts of a vulnerability in Apache Log4j. This new vulnerability left many people wondering, what questions do I need to ask my IT experts? Log4j is used across various products and services. From Apache products like Struts, Solr, and Flink to security products like ElasticSearch, Logstash, Kafka, and even Minecraft servers. Log4j is used in a wide range of everyday life and complex software. So much so that this particular security threat is impacting major services and applications on a global scale. Even major news stations have given it more than the standard "15 minutes of fame."
As a leading cloud hosting provider, it's our job to always protect our client's data to the best of our ability. Still, it's also our responsibility to pass on knowledge and experience to people and businesses outside of the Summit Hosting family in times like this. Hosting providers, IT departments, and Managed Service Providers alike have been scrambling to investigate the vulnerability since the CVE was first opened. As investigations continue and questions about this vulnerability are raised, here are our top 5 questions you should be asking if Log4J has impacted you or your business:
- Who is leading our response team, and what is their action plan?
- Is any part of our technology (hardware and software) at risk of exploitation?
- What is the potential scope of data bad actors (hackers) could touch should they get in?
- What is the level of access needed to exploit the risk?
- Is there an available patch if a system, sub-system, or software is found to be at risk?
In the case of Summit Hosting, our Security Operations team began their investigation by running AI (artificial intelligence) scans. These scans first targeted all installed software in our networks, looking for the digital fingerprint of software leveraging Log4j. We then turned our attention to the inner workings of our entire technology stack. We continued digging until all five questions above were answered in detail. To ensure you and your business are protected, be sure to ask the questions above and don't settle for anything less than detailed, specific answers. Regardless of whether you're in the cloud or just working from a local workstation and network, these questions and their answers can help keep your data in the right hands...yours.
If you are a small or medium business without professional IT help, we recommend reviewing your software to find any that the Log4J vulnerability may compromise. Contact the vendors of your software(s) and keep open communication channels to receive any updates on newly found exposures and risks. If your software vendors have discovered any exposure to this vulnerability, ask about patches and how to perform them to keep your data safe. Lastly, stay in touch with the cybersecurity community and follow along with any new developing vulnerabilities. Open forums such as Reddit or news sites such as Threatpost can be great tools to help keep you informed about current threats. The threat landscape changes drastically from day to day, so being aware of current cybersecurity issues is crucial to any business's survival, regardless of size.
Summit Hosting's Security Operations team is always here looking out for you and the safety of your data. We take security with the highest level of seriousness. We are committed to doing everything possible to keep your critical data secure. If you have been impacted by the Log4J vulnerability and are looking to move to a secure cloud hosting provider, contact one of our hosting specialists today. Ask us how Summit Hosting does MORE to keep your data safe and see how our team can help your business navigate an ever-evolving threat landscape.