INCIDENT

On 09 December 2021, sources identified a significant security flaw within the popular online game Minecraft. The bug allowed attackers to change messaging settings so that the Log4j logging application connected to external addresses, giving the attackers access to the system.

Tracked as CVE-2021-22448 (CVSS score: 10.0), the flaw concerns a case of remote code execution in Log4j, a Java-based open-source Apache logging framework broadly used in enterprise applications to record events and messages generated by software. Because Log4j is open source (free), it is used widely. Apache Log4j is part of the Apache Logging Project. By and large, using this library is one of the easiest ways to log errors, which is why most Java developers use it. Many large software companies and online services use the Log4j library: Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and many more. The bug scored a perfect 10 out of 10 in the Common Vulnerability Scoring System (CVSS), indicative of the severity of the issue.

Intelligence gathered since its initial discovery suggests that the vulnerability has been built into Linux-based high-speed robot networks (botnets) and is being used to exploit industrial controls, Internet of Things devices, and now crypto mining systems.

Global Guardian has been actively monitoring this activity since approximately 24 hours before it was publicly announced, having received advance notice from confidential intelligence sources. To date, we have blocked all known events for our current Cyber Security clients and are actively protecting all networks and devices from this vulnerability through firewalls and secure workstation security software.

CORRECTIVE ACTION

The Cybersecurity and Infrastructure Security Agency (CISA) has provided Apache Log4j Vulnerability Guidance. In addition, we recommend:

  • Disallow any gaming in your environment and close all running instances of the game and the Minecraft Launcher. Users will need to start the Launcher again, following which the patched version will download automatically.
  • Anyone with an application containing Log4j should pay immediate attention to this vulnerability and ensure that a web application firewall (WAF) is installed. If you have any questions, contact our team today. Global Guardian can provide guidance on installing firewalls and securing your networks.

STANDING BY TO SUPPORT

The holiday season brings a rise in cybercriminal activity and cyberattacks, making it a critical time for organizations and individuals to stay vigilant and proactive in their defense systems. If you or your organization have any questions about your risk level, Global Guardian’s team is standing by to support with the following digital protection solutions:

  • Managed Detection & Response, including Secured Workstation Endpoint Protection
  • Physical Technology Assessments
  • On-Demand Consulting, including incident response and post-breach services
  • Threat Monitoring, including Digital Privacy Protection and Dark Web Assessments
