As you have probably heard, the business, technology and cybersecurity industries have been buzzing about little else than Log4Shell (CVE-2021-44228), also called LogJam in some early write-ups (not to be confused with the 2015 Logjam attack on TLS), the latest software vulnerability in earlier versions of the Apache Log4j logging utility. As the name suggests, a logger is a piece of software that records the events that happen in a computer system. The records it produces are very useful for tracking down errors or checking for any anomalous behavior within the system.

Understandably, this may be the first time you’ve been told explicitly about the Log4j tool, but what many don’t realize is that hundreds of millions of applications and web services, including those offered by Twitter, Apple, Google, Amazon, Steam, and Microsoft, among others, rely on it. The software and online services you use in your business may be Java-based, too, thus opening you up for possible exploitation.

Exploiting this flaw lets attackers worm their way into unpatched systems and take control of them: it is unauthenticated remote code execution, triggered simply by getting a crafted string written to the log. Having it on any endpoint is seriously bad because of the extremely wide attack surface and the damage that can follow a compromise.


Read everything you need to know about Log4Shell in our blog post,
“Log4j zero-day ‘Log4Shell’ arrives just in time to ruin your weekend.”


Because of all this, businesses, and SMBs in particular, must protect themselves against threats exploiting the Log4Shell vulnerability. Most certainly now that Microsoft has started seeing it used by underground groups acting as "access brokers": those who exploit Log4Shell to infiltrate and gain initial access to target company networks, hoping to sell that access on to ransomware threat actors.

According to the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Threat Intelligence Team, "We have observed these groups attempting exploitation on both Linux and Windows systems, which may lead to an increase in human-operated ransomware impact on both of these operating system platforms."

Ransomware is not the only concern here. Threat actors can also install cryptominers, malware that turns devices into bots and makes them part of a botnet (which Mirai bot herders have already started doing), and Cobalt Strike, a penetration-testing framework that cybercriminals abuse to survey and move through victim networks.

How can SMBs protect themselves from Log4j attacks?

SMBs using Linux can start by checking whether the version of the platform they are using is affected. TechRepublic has published a nifty guide on just how to do that. Bear in mind that the distribution's package database is only part of the picture: Log4j is usually bundled inside the jar, war and ear files of individual Java applications, so those application directories need to be checked as well.

SMB Windows users, on the other hand, should expect to be vulnerable wherever Microsoft uses Java-based applications in its products. The company has provided lengthy guidance on the Log4j issue here, which it regularly updates with its observations of criminal campaigns abusing the Log4Shell flaw. Keep coming back to that blog post for updates.

Once you have determined that your platform is impacted by Log4Shell, you must upgrade to the latest version of Apache Log4j, which was 2.15.0 at the time of writing (later releases, 2.16.0 and the 2.17.x line, fixed follow-on issues, so install the newest 2.x release available to you). If you are using a version between 2.10 and 2.14.1 but cannot update to the latest version, RiskIQ advises organizations to set the following JVM parameter to "true" and restart the Java process:

-Dlog4j2.formatMsgNoLookups=true

Note that Java system property names are case-sensitive: the property is log4j2 with a lowercase "l", and the flag is only honoured by Log4j 2.10 and later. It was also later shown to be an incomplete mitigation in some non-default configurations (CVE-2021-45046), so treat it as a stopgap until the upgrade is done, not as a replacement for it.

"Organizations that are unsure where to include this parameter must check the documentation of the related Java project/product in use for the correct place," the company further advises. "Alternatively, they may set the LOG4J_FORMAT_MSG_NO_LOOKUPS="true" environment variable to force this change. Kubernetes deployments may use this environment variable approach to set it across Kubernetes clusters, effectively reflecting on all pods and containers automatically."
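To make the two steps above concrete (finding out which Log4j versions you actually have, then deciding between upgrading and the formatMsgNoLookups stopgap), here is an added example. It is my code, not code from the original post, from Apache or from RiskIQ. It walks a directory, finds Log4j 2 core jars including jars nested inside war/ear/zip archives, reads the version from the Maven pom.properties file, and classifies it against the ranges discussed above: 2.0-beta9 through 2.14.1 affected, the flag honoured only from 2.10, and 2.15.0 or later treated as patched, exactly as the post states (it does not know about the later 2.3.x and 2.12.x backport branches). The status names, the sample archives it builds, and the choice to treat a jar that contains JndiLookup.class but no readable version as vulnerable are all my own assumptions.

```python
"""Added example, not from the original post: scan for Log4j 2 core jars
(including nested ones) and classify their versions. Sample data is constructed."""
import io
import os
import re
import shutil
import tempfile
import zipfile

# Where Maven-built log4j-core jars record their version, and the class that
# implements the JNDI lookup abused by CVE-2021-44228.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1, 0); '2.0-beta9' -> (2, 0, 0, -1, 'beta9').
    The trailing 0 / -1 makes a pre-release sort below its final release."""
    base, _, pre = text.partition("-")
    nums = [int(p) for p in re.findall(r"\d+", base)][:3]
    nums += [0] * (3 - len(nums))
    return tuple(nums) + ((-1, pre) if pre else (0,))


FIRST_AFFECTED = parse_version("2.0-beta9")  # JNDI lookup introduced here
LAST_AFFECTED = parse_version("2.14.1")      # last release without the fix
FLAG_SUPPORTED_FROM = parse_version("2.10")  # formatMsgNoLookups exists from 2.10


def classify(version):
    """Map a log4j-core version string to the action the post describes (status names are mine)."""
    if version == "unknown":
        return "unknown"  # JndiLookup.class seen but no readable version: treat as vulnerable
    v = parse_version(version)
    if v[0] != 2 or v < FIRST_AFFECTED:
        return "unaffected"  # Log4j 1.x / pre-2.0-beta9 never had this lookup
    if v <= LAST_AFFECTED:
        # The JVM flag / LOG4J_FORMAT_MSG_NO_LOOKUPS env var is only honoured from 2.10 on
        return "vulnerable-mitigable" if v >= FLAG_SUPPORTED_FROM else "vulnerable-upgrade-only"
    return "patched"  # 2.15.0 or later per the post; still move to the newest 2.x


def _scan_archive(data, label):
    """Yield (label, version) for log4j-core in this archive or any archive nested inside it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = sorted(zf.namelist())
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.M)
            yield label, (m.group(1).strip() if m else "unknown")
        elif JNDI_CLASS in names:
            yield label, "unknown"  # shaded/relocated build without Maven metadata
        for n in names:
            if n.lower().endswith(ARCHIVE_EXTS):
                yield from _scan_archive(zf.read(n), label + "!" + n)


def scan(root):
    """Return [(path, version, status)] for every Log4j 2 core jar found under root."""
    found = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                for label, ver in _scan_archive(data, os.path.relpath(path, root)):
                    found.append((label, ver, classify(ver)))
    return found


def _jar(version=None, jndi=False):
    """Build a minimal in-memory jar (constructed test data, not a real Log4j build)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version:
            zf.writestr(POM_PROPS, "artifactId=log4j-core\nversion=%s\n" % version)
        if jndi:
            zf.writestr(JNDI_CLASS, b"")
    return buf.getvalue()


def demo():
    """Constructed sample tree: two plain jars plus a war holding two nested jars."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    try:
        os.makedirs(os.path.join(root, "app-a", "lib"))
        war = io.BytesIO()
        with zipfile.ZipFile(war, "w") as wz:
            wz.writestr("WEB-INF/lib/log4j-core-2.15.0.jar", _jar("2.15.0"))
            wz.writestr("WEB-INF/lib/shaded-all.jar", _jar(jndi=True))
        for rel, data in [("app-a/lib/log4j-core-2.14.1.jar", _jar("2.14.1", jndi=True)),
                          ("app-a/lib/log4j-core-2.8.2.jar", _jar("2.8.2", jndi=True)),
                          ("app-b.war", war.getvalue())]:
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(data)
        return scan(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, ver, status in demo():
        print(f"{status:24} {ver:8} {path}")
```

Point scan() at an application's install directory rather than relying on the OS package list alone, since Log4j normally ships inside application archives. Entries reported as "unknown" are shaded or repackaged jars whose Maven metadata was stripped; they still contain the JNDI lookup class and deserve a manual look before you decide they are safe.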

Finally, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache Log4j Security Vulnerabilities page and apply the other recommended mitigation steps as soon as possible.