Last week, a significant cybersecurity vulnerability, dubbed Log4j or Log4Shell, was identified. The vulnerability allows hackers to remotely control a victim’s computer or server by running malicious code through a flaw in the Log4j library. The exploit is easy to execute, and exposure is very widespread because the Log4j library is used in many software packages and online systems.
Because of the ease of attack, its widespread nature, and the potential damage, this is considered riskier than 99.61% of all cybersecurity vulnerabilities.
What Hackers Are Doing
Currently, hackers are primarily scanning for vulnerable devices and taking control of them to mine for cryptocurrency. However, it is possible for them to take much more malicious actions using this exploit.
What LeeShanok is Doing
We have seen scans and remote control attempts on several of our clients’ servers. Thankfully, next generation firewalls have successfully blocked these attempts at gaining control. If you are not sure if you have the correct type of firewall protecting you, ask your account manager.
For all of our managed IT clients, we are automatically patching using the following process. This is included in your managed IT plan:
1. Checking to see if a breach has been attempted
2. If so, checking to see if any payloads have been executed
3. If so, assessing the risk level of the payload
   1. If the risk is low, performing a malware scan
   2. If the risk is high, taking the system offline and restoring from backup
4. Applying security patches and rebooting if needed
5. If there is a next generation firewall, confirming it is configured to block intrusion attempts
6. Performing a vulnerability scan to confirm the patch was successful
If you are not a managed IT client, and you would like our team to assist with assessing your systems, please reach out to us for support.
What You Should Do
Stay alert for any updates/patches pushed out by your other technology vendors and install them immediately. Keep an eye out for further communication from LeeShanok pertaining to your unique situation.
The LeeShanok Team
Phoenix: 602-277-5757 Tucson: 520-888-9122 ITNews@leeshanok.com