What is Log4j?
Log4j is a small piece of free software often used on apps and servers to record, or log, activity. Developers and IT professionals use these logs to identify issues on apps and servers. Because logs are so important, and because Log4j is freely available and easy to set up, it is very popular.
What’s the problem?
Last week, a major vulnerability in Log4j was discovered – dubbed log4shell. The vulnerability allows hackers and cyber criminals, with very little expertise, to send malicious code to Log4j that can do harmful things to the affected device. The harm ranges from giving a hacker unwanted access, to stealing sensitive data, to spreading to other devices on the same network.
How bad is it?
Many media outlets are reporting that ‘the internet is on fire’ over this vulnerability. Whilst nothing is actually on fire, it is not an exaggeration to say that this is one of the most serious and most dangerous vulnerabilities of the past decade. Huge numbers of devices and services are affected, including many popular software applications and online service providers.
Am I affected?
It is difficult to determine the extent of who is affected by this vulnerability, so you should assume you are vulnerable until you have verified you are not. Most of the apps individuals use on their phones and computers have a risk of being affected. If you or your organisation has a website, then there is also a high chance the webserver is affected.
What can I do?
The first thing you should do is ensure all updates are completed as soon as possible. The best way to mitigate log4shell is to ensure any device that could potentially use log4j is running the latest version of the software. Even if you are unsure if you have an app or service that uses log4j, doing updates routinely ensures that the app or device has enhanced protection against cyber attacks.
Secondly, you should contact your IT provider and ask them to make sure all your devices and servers are up to date, especially the servers used by your website. If they are unsure about the vulnerability, you can direct them to technical notices from the SBRC and the NCSC.
Thirdly, check your 3rd party software and service providers for their advisories on the vulnerability. Major vendors like Microsoft and Google have all released advisories on mitigating the damage from this vulnerability. Identify your 3rd party vendors and check their websites for their advisories on log4j.
Finally, update personal devices. This vulnerability affects all devices, not just work devices. The vulnerability can even affect video games, so ensure any family members' devices are updated.
For updates on the situation as it unfolds, download the SBRC App – available on iOS and Android – and check out the SBRC blog post at https://cyberfraudcentre.com/log4shell-vulnerability
If you are unsure about how to approach remediating this vulnerability or do not have an IT provider you can contact, please email the SBRC Incident Response Mailbox at [email protected].
If you believe you have been a victim of a cyber incident, or for urgent cyber enquiries, please phone the SBRC Incident Response line on 01786 437 472.