A new critical vulnerability in Log4J is the latest cyber security risk nightmare to shake up the cyber insurance industry. Indeed, the cyber insurance industry has been in a highly vulnerable state since Covid-19 began, strained by ongoing ransomware demands, SolarWinds, Microsoft Exchange and now the discovery of the Log4J vulnerability. This is why cyber insurance premiums have increased significantly over the past year. Many believed that cyber insurance premiums would stabilize in 2022; however, given the continuous cyber events and new vulnerabilities that arise with zero notice, that is highly unlikely. We’re in for a very long ride that will challenge companies, IT security departments, and the cyber insurance carriers, underwriters and brokers that insure them.
What is Log4J?
Log4J is an open-source logging framework that developers use to record actions and activities within their applications.
Assess your Log4J risk ASAP
While the Log4J vulnerability was only just discovered, hackers have already started exploiting the flaw. IT security departments will need to prioritize their risk mitigation efforts: first assess whether the company is running any of the vulnerable software, then take the necessary steps to mitigate the issue. Because many software vendors bundle Log4J in their applications, you should also audit the third-party software used in your organization.
What you should do now
If the affected software is an on-premises solution that your company manages, it is highly recommended that you disable the vulnerable functionality by setting the JVM flag -Dlog4j2.formatMsgNoLookups=true.
You also need to update Log4J to the latest version, which can be downloaded here.
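One way to carry out the assessment step above, as an added example that is not code from the original post: walk a directory tree, open every JAR/WAR/EAR (including JARs nested inside WARs), and flag each log4j-core copy that still ships the JndiLookup class used by CVE-2021-44228. The 2.15.0 fixed-version threshold and the constructed sample archives are assumptions made for this example.

```python
"""Find log4j-core copies (also nested in WAR/EAR files) that still carry
JndiLookup.class, the class abused by CVE-2021-44228. Added example, not the
post's own code. Assumption: 2.15.0 is treated as the first fixed release;
older copies, or copies whose version cannot be read, are flagged."""
import io, os, re, tempfile, zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)  # assumption, see module docstring

def parse_version(pom_text):
    """Return (major, minor, patch) from pom.properties text, or None if absent."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", pom_text, re.M)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def scan_zip(zf, label):
    """Yield one finding per log4j-core found in zf or in JARs nested inside it."""
    names = set(zf.namelist())
    if JNDI_CLASS in names:
        version = parse_version(zf.read(POM_PROPS).decode()) if POM_PROPS in names else None
        yield {"jar": label, "version": version, "vulnerable": version is None or version < FIXED}
    for name in names:
        if name.endswith(".jar"):  # e.g. WEB-INF/lib/log4j-core-2.x.jar inside a WAR
            with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                yield from scan_zip(inner, f"{label}!{name}")

def scan_tree(root):
    """Walk root and return findings for every .jar/.war/.ear underneath it."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.endswith((".jar", ".war", ".ear")):
                with zipfile.ZipFile(os.path.join(dirpath, f)) as zf:
                    findings.extend(scan_zip(zf, os.path.join(dirpath, f)))
    return findings

def fake_log4j_core(version):
    """Constructed sample: a minimal JAR carrying JndiLookup.class and pom.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes, not a real class
        zf.writestr(POM_PROPS, f"version={version}\n")
    return buf.getvalue()

def scan_constructed_samples():
    """Build three constructed archives in a temp dir and return {label: vulnerable}."""
    with tempfile.TemporaryDirectory() as d:
        for v in ("2.14.1", "2.17.0"):
            Path(d, f"log4j-core-{v}.jar").write_bytes(fake_log4j_core(v))
        with zipfile.ZipFile(os.path.join(d, "app.war"), "w") as war:  # nested copy
            war.writestr("WEB-INF/lib/log4j-core-2.13.3.jar", fake_log4j_core("2.13.3"))
        return {os.path.relpath(f["jar"], d): f["vulnerable"] for f in scan_tree(d)}
```

Point scan_tree at a real application directory to list the copies that need patching or the flag above; a copy with no readable version is reported as vulnerable so that it is not silently skipped.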
What platforms are vulnerable to Log4J?
This section contains a list of platforms Coalition has identified as potentially vulnerable to CVE-2021-44228.
- Okta RADIUS Server Agent, Okta On-Prem MFA Agent
- Apache Struts, Solr, Druid, ActiveMQ, Flume, Hadoop, Kafka, Dubbo, Flink, Spark, Tapestry, Wicket
- Accellion Kiteworks
- Red Hat OpenShift Container Platform 4, OpenShift Container Platform 3.11, OpenStack Platform 13 (Queens), OpenShift Logging
- Grails
- Ghidra
- Minecraft
- VMware Horizon, vCenter, HCX, NSX-T Data Center, Unified Access Gateway, Workspace ONE Access, Identity Manager, vRealize Operations, vRealize Operations Cloud Proxy, vRealize Log Insight, vRealize Automation, vRealize Lifecycle Manager, Telco Cloud Automation, Site Recovery Manager, Carbon Black Cloud Workload Appliance, Carbon Black EDR Server, Tanzu GemFire, Tanzu Greenplum, Tanzu Operations Manager, Tanzu Application Service for VMs, Tanzu Kubernetes Grid Integrated Edition, Tanzu Observability by Wavefront Nozzle, Healthwatch for Tanzu Application Service, Spring Cloud Services for VMware Tanzu, Spring Cloud Gateway for VMware Tanzu, Spring Cloud Gateway for Kubernetes, API Portal for VMware Tanzu, Single Sign-On for VMware Tanzu Application Service, App Metrics, VMware vCenter Cloud Gateway, VMware Tanzu SQL with MySQL for VMs, vRealize Orchestrator
For vendors that are not on this list, check with them directly and ask:
- Do you use any software that relies on Log4J?
- Have you executed any mitigations for CVE-2021-44228?
- Have you investigated to confirm you have not been a victim of exploitation of CVE-2021-44228?
A more extensive list, continuously updated by the cybersecurity community and Twitter user @SwitHak, can be found here.
Please reach out to us for assistance with obtaining a cyber insurance quote for your company, or for help with an upcoming cyber insurance policy renewal.