Log4J: Identify and divert Remote Code Execution (RCE)

By Guy Waizel - Director, Business Operations
December 15, 2021

On December 9, 2021, a serious vulnerability in Log4J, the most used Java-based logging library, was published:

CVE-2021-44228: An application using Apache Commons Configuration for its JNDI configuration enables attackers to utilize LDAP to load arbitrary Java code into memory. If the application allows user input to be substituted for JNDI name lookups, then an attack could substitute malicious values for JNDI names.

Many Java-powered applications rely on Log4J for logging and are therefore exposed to threats exploiting the Log4J Remote Code Execution (RCE) vulnerability. Exploits for this bug have been published online, and they have already been used in the real world.

Impact on Metallic® ThreatWise™ 

Metallic® ThreatWise™, which includes all versions of all products using our deception technology, is not vulnerable to the CVE-2021-44228 Log4J RCE vulnerability.

How can ThreatWise™ protect your data? 

Numerous Metallic® Threat Sensors are spun up to mimic real assets and, like trip wires, instantly report malicious activity. Attempts to exploit the Log4J vulnerability are identified for quick mitigation before they reach vulnerable assets and your crown jewels (your data).

Log4J affects thousands of servers and clients around the world. Patches are available, but to deploy them, companies must identify all servers and clients that are affected by Log4J. In addition, assets must be prioritized to determine which servers and clients require immediate attention. Companies must further ensure that their systems remain secure after patches are applied: the patched code is tested thoroughly, and system activity is monitored while patches are applied. Finally, an effective strategy is defined to remediate any issues that may arise from the installation of new software.
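One way to approach the identification step, as an added example that is not code from Metallic or the Log4J project: the script walks a directory tree and reports every JAR/WAR/EAR, including archives nested inside other archives, that bundles Log4J's JNDI lookup class. It assumes the class sits at its standard log4j-core path; a hit means the library is bundled, not that the asset is unpatched, and the file names in `build_sample` are constructed test data.

```python
import io
import os
import tempfile
import zipfile

# Class file that implements the JNDI lookup in log4j-core (assumed standard path).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear")
MAX_DEPTH = 4  # assumption: nesting bound so a crafted archive cannot recurse forever

def scan_archive(source, label, depth=0):
    """Return labels of this archive and nested archives that contain JNDI_CLASS."""
    hits = []
    try:
        with zipfile.ZipFile(source) as zf:
            for name in zf.namelist():
                if name == JNDI_CLASS or name.endswith("/" + JNDI_CLASS):
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_EXTS) and depth < MAX_DEPTH:
                    inner = io.BytesIO(zf.read(name))
                    hits += scan_archive(inner, label + "!/" + name, depth + 1)
    except (zipfile.BadZipFile, RuntimeError, OSError):
        pass  # unreadable, corrupt or encrypted archive: skip it
    return hits

def scan_tree(root):
    """Walk root and report every archive path that bundles JNDI_CLASS."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fn)
                findings += scan_archive(path, path)
    return sorted(findings)

def build_sample(root):
    """Constructed test data: one direct hit, one clean JAR, one hit nested in a WAR."""
    with zipfile.ZipFile(os.path.join(root, "logging-lib.jar"), "w") as z:
        z.writestr(JNDI_CLASS, b"constructed placeholder")
    with zipfile.ZipFile(os.path.join(root, "clean.jar"), "w") as z:
        z.writestr("com/example/App.class", b"constructed placeholder")
    with zipfile.ZipFile(os.path.join(root, "shop.war"), "w") as z:
        z.write(os.path.join(root, "logging-lib.jar"), "WEB-INF/lib/logging-lib.jar")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for hit in scan_tree(tmp):
            print("bundles JndiLookup:", hit)
```

Point `scan_tree` at an application or deployment directory to build the inventory that prioritization then works from.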

Updating and deploying patches for servers and clients can take an enormous toll on company resources and can stretch over a long time span. With ThreatWise™ deception technology, customers can cover the path to vulnerable assets with an additional protection layer that diverts malicious activity away from the real assets.

By clearly identifying Log4J exploitation attempts, measures can be triggered to isolate assets that have yet to be patched. Metallic® ThreatWise™ can detect attempts to exploit vulnerabilities in your networks both internally and externally. 

Summary 

To successfully protect against modern attacks, organizations must quickly identify and respond to threats. The ability to detect attacks at the start enables their remediation before crown jewels are reached. A multi-layered security approach is built to protect your invaluable business data with Metallic® ThreatWise™ deception technology. 

Visit metallic.io to learn more.