
New FTC Warning: Patch Log4j

The U.S. Federal Trade Commission (FTC) started off the new year by issuing a warning to organizations of all sizes.

You must remediate Log4j vulnerabilities on your network or else it may cost you.

“It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers and to avoid FTC legal action.

The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.”

The FTC warning also used the Equifax data breach as a reminder of how expensive missing a critical security patch can become.

“…a failure to patch a known vulnerability irreversibly exposed the personal information of 147 million consumers. Equifax agreed to pay $700 million to settle actions by the Federal Trade Commission, the Consumer Financial Protection Bureau, and all fifty states.”


Analyzing a Log4j Exploit at the Packet Level

The Federal Trade Commission says the Log4j vulnerability (CVE-2021-44228) is being “widely exploited by a growing set of attackers” right now.

What does this exploit look like?

LiveAction experts recently analyzed a Log4j exploit at the packet level, using Omnipeek for Windows. Here is how our team did it.

First Steps to Remediating the Log4j Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) is updating its Log4j response page and urges every organization to take four immediate actions:

  1. Discover all internet-facing assets that allow data inputs and use the Log4j Java library anywhere in the stack.
  2. Discover all assets that use the Log4j library.
  3. Update or isolate affected assets. Assume compromise, identify common post-exploit sources and activity, and hunt for signs of malicious activity.
  4. Monitor for odd traffic patterns (e.g., JNDI LDAP/RMI outbound traffic, DMZ systems initiating outbound connections).

Monitoring for unusual traffic patterns and problems can shorten the time to detection. This is just one example of why detailed, visual network monitoring does more than improve network health; it also strengthens your security posture.
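To make CISA's fourth action concrete, here is an added example (not code from the original post or from LiveAction) that applies the two monitoring rules to connection records: it flags outbound connections to the ports a JNDI LDAP/LDAPS/RMI lookup would use, and any connection a DMZ host initiates to the outside. The address ranges, the `Flow` record layout and the sample records are all constructed assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption, not from the page): the DMZ sits in
# 203.0.113.0/24 and everything else internal is RFC 1918 space.
DMZ_NETS = [ip_network("203.0.113.0/24")]
INTERNAL_NETS = DMZ_NETS + [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Destination ports a JNDI lookup reaches out to: LDAP, LDAPS, Java RMI registry.
JNDI_PORTS = {389: "ldap", 636: "ldaps", 1099: "rmi"}


@dataclass(frozen=True)
class Flow:
    """One connection record, e.g. exported from NetFlow or a firewall log."""
    src: str
    dst: str
    dport: int
    initiator_is_src: bool = True  # True when src opened the connection


def _in_any(ip: str, nets) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in nets)


def flag_flow(flow: Flow) -> list[str]:
    """Return the CISA monitoring rules this flow trips (empty list = nothing to see)."""
    reasons: list[str] = []
    outbound = (flow.initiator_is_src and _in_any(flow.src, INTERNAL_NETS)
                and not _in_any(flow.dst, INTERNAL_NETS))
    if not outbound:
        return reasons
    if flow.dport in JNDI_PORTS:
        reasons.append(f"outbound JNDI {JNDI_PORTS[flow.dport]} lookup to {flow.dst}")
    if _in_any(flow.src, DMZ_NETS):
        reasons.append(f"DMZ host {flow.src} initiated an outbound connection")
    return reasons


def find_suspicious(flows) -> list[tuple[Flow, list[str]]]:
    return [(f, r) for f in flows if (r := flag_flow(f))]


# Constructed sample records: two normal flows, two that the rules should flag.
SAMPLE_FLOWS = [
    Flow("198.51.100.7", "203.0.113.10", 443),     # client reaching the DMZ web tier
    Flow("10.1.2.3", "10.1.2.50", 389),            # internal LDAP to the directory server
    Flow("10.1.2.3", "198.51.100.200", 1099),      # app server calling an external RMI registry
    Flow("203.0.113.10", "198.51.100.200", 389),   # DMZ web server opening LDAP to the internet
]

if __name__ == "__main__":
    for flow, reasons in find_suspicious(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}  " + "; ".join(reasons))
```

In production the same rules would run over your flow collector's export rather than an inline list, and the internal/DMZ ranges would come from your own address plan.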

LiveAction believes organizations will finally achieve multi-cloud visibility for NetOps and SecOps by embracing Network Performance Monitoring (NPM) solutions that see into encrypted traffic. See more details and read the rest of the LiveAction 2022 predictions here.