Log4Shell flaw: the Cesin publishes a help kit for companies


As the Log4Shell flaw continues to worry the global internet ecosystem, the Information and Digital Security Experts Club (Cesin) has released a kit to help businesses and institutions deal with the situation.

The Log4Shell flaw, first reported on November 24, 2021 and then disclosed more broadly on December 9, has started to be actively exploited. In order to help “any type of organization, companies and communities, to face” the vulnerability, the Information and Digital Security Experts Club (Cesin) has published a “Log4j kit” (PDF), named after the affected Java logging library. This kit, based on the conclusions of a working group that brought together around 100 experts, aims to let organizations understand in detail what the Log4Shell flaw is, to find out whether they are the victims of an attack (for example a ransomware, malware or cryptominer injection), and also to initiate the relevant steps in the event of exploitation.

The association emphasizes that 80% of its 700 members (including CAC 40 companies, but also ministries) have activated a crisis unit following the disclosure of the flaw. This means that teams of developers and cybersecurity experts have started to apply security patches and measures.

A great deal of uncertainty

“As the many IT subcontractors of companies are obviously affected, a large part of this crisis management consists of ensuring that these suppliers have taken this vulnerability into account”, underlines the Cesin. “This only increases the degree of uncertainty that weighs on companies today in relation to the extent of the consequences of this flaw”, worries the organization.

As a reminder, Log4j, a logging library developed by the Apache foundation, is present on around a third of Internet servers in the world. It is for example used in software applications or services such as those of Twitter, Amazon, Microsoft or Minecraft. The Log4Shell vulnerability can allow cybercriminals to take full control of a Java server and thus carry out remote code execution attacks without any need for authentication. In an alert published on December 16, the National Information Systems Security Agency (Anssi) pointed out that the Log4Shell flaw was “now actively exploited maliciously by attackers”. For the time being, these would mainly be “relatively benign” attacks, but “future or undetected exploitations, potentially much more serious” could occur in the coming weeks.
