Recently (11/12 DEC 21) we saw the internet go into meltdown with the exploitation of a vulnerability in a library called Log4J dubbed Log4Shell. The vulnerability has the potential to allow individuals with malicious intent Remote Code Execution and if exploited, allows an attacker to take complete control of a system. Not only that but in some cases, a system could be replicated and hosted elsewhere as bait for an unwitting party. Log4J is a ‘logging framework’ used by developers and primarily system architecture and appliances.
It hit the internet hard and fast last weekend when a Proof of Concept was published on 9th December 2021. Vendors and developers rushed to ensure their software and devices we properly patched against this potential exploit and determine whether it has been used against them before. One thing about hackers; they’re not going to tell you that they’ve found a way in.
Several larger companies have found that the exploit has been used against them at some level and have been patching as fast as they can. It impacts such a wide range of programs — nearly everything written in Java or that relies on software written in Java, ranging from products made by Amazon to Apple and everyone inbetween. The bigger issue will be tracking down all the programs that have an instance of Log4J which could go on for some time.
There has been no evidence or official statements to suggest that Microsoft, Cisco or Google have had any form of compromise – only that they had the libraries integrated into some of their services. A better statement: ” it impacts such a wide range of programs — nearly everything written in Java or that relies on software written in Java, ranging from products made by Amazon to Apple and everyone inbetween”
US Federal Agencies have been ordered to have the vulnerability patched by 24th December. You can read more about this here: CISA orders federal agencies to patch Log4Shell by December 24th (bleepingcomputer.com)
The ACSC is aware of scanning attempts to locate vulnerable servers. As of 14 December 2021, the ACSC is aware of targeting and compromise of organisations using this vulnerability globally and in Australia. This vulnerability is trivial to exploit, which is why there is urgency in having systems patched to mitigate business risk and minimise known attack surfaces..
What are ONGC doing?
Our security team have been on the case since early Saturday morning (11/12/2021), gauging the impact of the issue and ways to prevent against it. This includes scoping the relevant clients who will require contacting and ensure they have all necessary updates and patches to fortify their business against this vulnerability. Any client who has hardware that is out of date or no longer supported will also be affected as these devices may need to be quarantined due to them being out of date.
So, sit tight and be vigilant. Either your account manager or a member of our security team will be in touch with you if you are an ONGC managed client.
If you don’t have an agreement with us and have concerns about your technology or business security, please reach out to us. Our team will be happy to have a chat with you and arrange a good time to assess your systems or have a discussion about how we can best help you and your business.
Please reach out to us today – you can call us on 1800 664 248.
