Description
Please use this section to provide Critical Analysis writing entries in the form of a Journal.
Entries are limited to between 200 and 300 words (these instructions are exactly 300 words).
This will allow you to provide short writings addressing topics that arise in the class over the course of the semester. Critical Analysis means
not
summarizing a topic, but providing
meaningful commentary, insights, and/or recommended steps to remediate vulnerabilities or provide higher levels of resiliency to an organization
.
Consider these writings to be on the level of quality that you might provide your boss at work. Spelling and grammar matter, and clarity is vital. Summarize the topic (or article)
quickly
to provide context, and then provide a couple paragraphs that provide value. This could include further analysis than the article(s) provide (cite additional sources used), or steps that would improve cybersecurity. Do NOT simply summarize the article, and do NOT use a journal entry to state the obvious (e.g. “cybersecurity is important and we should patch our systems.”). Use this to provide something that your
boss
would consider to be of
value
.
This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers visit
https://www.djreprints.com.
https://www.wsj.com/articles/what-is-the-log4j-vulnerability-11639446180
PRO CYBER NEWS
The Log4j Vulnerability: Millions of
Attempts Made Per Hour to Exploit So!ware
Flaw
Hundreds of millions of devices are at risk, U.S. officials say; hackers could use the bug to steal data,
install malware or take control
Log4j, a piece of software used across corporate, consumer and industrial networks has a major flaw hackers are exploiting.
PHOTO: STEVE MARCUS/REUTERS
By David Uberti, James Rundle and Catherine Stupp
Updated Dec. 21, 2021 12:15 pm ET
A flaw in widely used internet software known as Log4j has left companies and
government o?cials scrambling to respond to a glaring cybersecurity threat to global
computer networks.
The bug could enable potentially devastating cyberattacks that span economic sectors
and international borders, according to security experts.
U.S. o?cials said hundreds of millions of devices were at risk and issued an emergency
directive ordering federal agencies to take steps to mitigate the threat by Christmas Eve.
Researchers and major technology companies warned that hackers linked to foreign
governments and criminal ransomware groups were probing how to exploit the
vulnerability within targets? computer systems.
The U.K.?s National Cyber Security Centre warned corporate boards that ?the situation is
fluid and changing regularly,? and provided guidance for overseeing company risk and
response to Log4j.
What is Log4j?
Software developers use the Log4j framework to record user activity and the behavior of
applications. Distributed free by the nonprofit Apache Software Foundation, Log4j has
been downloaded millions of times and is among the most widely used tools to collect
information across corporate computer networks, websites and applications. The
software is maintained by Apache volunteers who have so far released three security
updates. An Apache spokeswoman said the way Log4j is inserted into di?erent pieces of
software makes it impossible to track the tool?s reach.
How can hackers take advantage of Log4j?s vulnerability?
The Log4j flaw allows attackers to execute code remotely on a target computer, which
could let them steal data, install malware or take control. Exploits discovered recently
include hacking systems to mine cryptocurrency. Other hackers have built malware to
hijack computers for large-scale assaults on internet infrastructure, cyber researchers
have found.
The vulnerability might give hackers enough of a foothold within a system to install
ransomware, a type of computer virus that locks up data and systems until the attackers
are paid by victims. Security company F-Secure Oyj said its analysts have observed some
ransomware variants being deployed via the Log4j flaw, along with malware that is often
deployed as a precursor to a ransomware strike.
?To be clear, this vulnerability poses a severe risk,? said Jen Easterly, director of the
Cybersecurity and Infrastructure Security Agency. Internet-facing systems as well as
back-end systems could contain the vulnerability.
Are foreign governments taking advantage of the flaw?
Security company Mandiant Inc. and Microsoft Corp. said they have traced attempted
attacks that exploit the flaw to hackers with suspected links to China and Iran. Microsoft
said one of the groups is the same one responsible for a hack of its Exchange Server email
product earlier this year, which the U.S. attributed to China. Beijing denies involvement in
the attack.
Microsoft said that it has also seen nation-backed hackers from North Korea and Turkey
attempting to exploit Log4j.
Cybersecurity company SecurityScorecard Inc. said it has observed scans for the
vulnerability linked to Russia-based hackers, including the group blamed for hacking the
Democratic National Committee in 2016.
How is the U.S. government responding?
O?cials say they have been in frequent contact with cybersecurity companies, cloudservice providers and telecommunications businesses to share information about the
threat. The Biden administration ordered federal agencies to locate internet-connected
software that uses Log4j and immediately update those tools, bolster their security
measures or take them o?ine.
Eric Goldstein, executive assistant director of the Cybersecurity and Infrastructure
Security Agency, said he wasn?t aware of any agency being breached using the Log4j flaw.
WELCOME BACK
?But certainly we are deeply concerned about
the prospect of adversaries using this
We noticed you’re already a member.
Please sign in to continue reading WSJ or
your next reading experience may be
blocked.
vulnerability to cause real harm and even
impacting national-critical functions,? he said.
CISA?s information page o?ers
recommendations.
SIGN IN
How is Europe responding?
Belgium?s Defense Ministry said it shut down
parts of its computer network because
attackers triggered the vulnerability.
Cybersecurity response teams for the 27 European Union countries are monitoring Log4j
developments. Experts in national units across Europe are constantly exchanging
technical information about what they see, said Gorazd Bozic, the chair of the network of
incident response units from EU countries.
The network could move into a higher emergency-level status if a serious exploit occurs in
Europe, Mr. Bozic said. So far, analysts have seen low-sophistication attempts to exploit
Log4j, such as attackers seeking to install software for mining cryptocurrency, he said.
Belgium?s Centre for Cyber Security has been in contact with local companies after
issuing a report on how to identify whether the vulnerability is being compromised, said
Kevin Holvoet, a cyber threat intelligence analyst at the agency. Analysts have seen
continuing scanning attempts to trigger the bug as well as reconnaissance e?orts, he said.
The U.K.?s National Cyber Security Centre published steps to help companies identify the
vulnerability in their IT infrastructure. The Dutch National Cyber Security Centre is
maintaining a list of software that is and isn?t a?ected by the vulnerability.
In Romania, the National Cyber Security Directorate sent individual alerts to companies
and critical infrastructure operators, said Dan Cimpean, the organization?s director. Mr.
Cimpean said he has seen no sign of a serious incident in Romania. If a Romanian
company is compromised, cyber experts from the agency could help, he said. ?We have
tools to escalate a very fast response if needed,? he said.
How widespread is the Log4j flaw?
Cybersecurity company Akamai Technologies Inc. has tracked 10 million attempts to
exploit the Log4j vulnerability per hour in the U.S. Hackers are using the vulnerability to
target the retail sector more than any other, Akamai said. The technology, financialservices and manufacturing industries have also been frequent targets.
Which technology suppliers are a?ected by the Log4j vulnerability?
Many, and the list is growing. Among them are Apple Inc., Amazon.com Inc., Cloudflare
Inc., IBM, Microsoft?s Minecraft, Palo Alto Networks Inc. and Twitter Inc. Several
technology companies have issued alerts and guidance to customers about how to
decrease their risk.
How can companies fix the Log4j problem?
CISA suggests immediately identifying internet-facing devices that have Log4j and
ensuring your security team responds to alerts related to these devices. Also, install a web
application firewall with rules that automatically update so that your team can
concentrate on fewer alerts.
Microsoft recommended a series of steps to mitigate the risk of exploitation, including
contacting your software application providers to be sure they are using the most up-todate version of the Java programming language, which would include patches.
In lieu of available patches, Teresa Walsh, global head of intelligence at the Financial
Services Information Sharing and Analysis Center, recommends that companies limit
unnecessary outbound internet tra?c, which would go some way to protecting vulnerable
systems.
?Firms can reduce their risk by reducing their exposure,? she said.
Write to David Uberti at [email protected], James Rundle at [email protected]
and Catherine Stupp at [email protected]
Copyright ? 2022 Dow Jones & Company, Inc. All Rights Reserved
This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers visit
https://www.djreprints.com.
Welcome Back
Sign in to continue reading The Wall Street Journal.
SIGN IN
Purchase answer to see full
attachment
