Ashton Solutions Response to Log4J Threat

The following email was sent to all Ashton clients on December 14, 2021

PLEASE READ THIS CAREFULLY, IN ITS ENTIRETY.

This is an urgent security bulletin about the Log4Shell security vulnerability making headlines this week. Ashton Technology Solutions has been monitoring the situation and would like to update you on what is being done to protect your business.

What is it?

The vulnerability is contained in a widely used software component and allows remote attackers to gain control over computers running Java applications. The Financial Times reports that researchers have identified more than 100 attacks per minute perpetrated by criminal organizations and Chinese state-sanctioned actors since Friday. Thus far, cybersecurity experts have seen remote attacks that deploy crypto-mining malware and that exfiltrate data from vulnerable systems.

What does it mean for my organization?

The vulnerability affects Java-based applications that use the Log4J logging library. Because this library is used by most major application vendors, each vendor must patch its own products, and individual developers are working to do so. The tools Ashton leverages within your environment have already been patched for this vulnerability. We are in the process of updating other common applications, such as wireless controllers, which are known to be vulnerable.

Ashton has confirmed that our endpoint security solution, Sophos, is neither impacted nor vulnerable. Sophos has confirmed that its firewall and endpoint solutions have been actively updated with intrusion detections and to block malicious behavior associated with this evolving attack. For Ashton clients with Sophos Managed Threat Response, the security teams have been briefed and are operating at a heightened level, actively looking for signs of compromise. To date, Sophos has not reported any malicious behavior on any Ashton managed systems.

Next steps

Ashton is leveraging the Sophos security team to stay up to date on this evolving threat. Our team is in the process of implementing a detection tool to help identify vulnerabilities and risks in your environment. As software patches become available, we will deploy them, and as a result you may be prompted to reboot your workstations.

According to the Financial Times, Microsoft, Amazon, Apple, IBM, and Cisco have released patches for their software, and thus far there have been no reported severe breaches. It is important to note that this vulnerability and the resulting attacks are likely to continue for several weeks, due to the time required by each software vendor to update their software. Organizations running older software that is no longer under support will be the most vulnerable. Per the research team at Binary Defense: “Attackers have already started attacks en [sic] mass and continue to innovate new ways to exploit it. This means that the risk of your company experiencing an intrusion and data breach is much higher than normal for the next several weeks.”

If you would like more detail about the attack, or to discuss this situation with us, please feel free to contact us at 216 397-4080.

For further information about this vulnerability, please reference the following:

Hackers launch over 840,000 attacks through Log4J flaw | Ars Technica

Advice for Defenders Responding to the log4j Vulnerability CVE-2021-44228 – Binary Defense

“Log4Shell” Java vulnerability – how to safeguard your servers – Naked Security (sophos.com)

Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation – Microsoft Security Blog

Log4j – Apache Log4j Security Vulnerabilities

The Log4Shell 0-day, four days on: What is it, and how bad is it really? | Ars Technica