There is a new code concern that has emerged in the MSP world, and it has many software vendors and IT service providers scrambling.
A vulnerability in Log4j, a piece of open-source code available from Apache Software Foundation that can be found in software used by some of the world’s most prominent companies including technology vendors and managed service providers (MSPs), was exposed late last week.
Log4j is a widely used Java library for logging error messages in applications. The vulnerability, known as CVE-2021-44228 and originally reported in a blog post by the video game Minecraft, allows hackers to communicate with Log4j remotely via the internet.
The implications for MSPs and software vendors are severe, as it puts basically any device that is exposed to the internet and runs Apache Log4j, versions 2.0 to 2.14.1 at risk.
CloudBlue PSA does not employ Log4j
CloudBlue PSA does not employ Log4j in its code base and therefore is not vulnerable to remote takeover from hackers via this method.
In addition, CloudBlue and Ingram Micro are not affected by the vulnerability despite using previous, non-impacted versions of Apache’s Log4j code.
In a recent report, Black Knight Solutions, a web hosting service, found CloudBlue and Ingram Micro to be “not vulnerable” to the bug. Additionally, our application security teams have conducted a full review and have confirmed there is no impact. For further details visit this knowledge base article.
We at CloudBlue PSA know that it’s paramount for MSPs to be aware of the circumstances and risks involved with Log4j in order to employ proactive measures to protect against any current and future exploitation. Below you’ll find more information about the Log4j vulnerability, how it’s impacting MSPs and how IT service providers can take precautions.
What is Log4j?
CVE-2021-44228 is a code vulnerability in Apache Log4j, versions 2.0 to 2.14.1 that allows hackers to remotely execute code on a target computer, allowing them to conduct acts such as stealing data, installing malware or taking complete control of a system. The cybercrimes seen thus far have ranged from hacking in and stealing cryptocurrency, all the way to large-scale attacks on internet infrastructure. State-sponsored actors are also reported to be exploiting the bug.
Internet-facing systems as well as backend systems could contain the code vulnerability. Cybersecurity experts are especially concerned about hackers taking advantage of the bug to install ransomware, which can shut down systems until victims pay a fee to have them released again.
According to reports, Log4j has been downloaded millions of times and is among one of the most widely used tools to collect information across corporate computer networks, websites and applications.
Because the code has such a broad scope, the vulnerability may impact a very wide range of software vendors and services providers. Experts in security have said that there are hundreds of thousands of attempts being made currently by hackers to find vulnerable devices, with over 40% of corporate networks being targeted.
What should MSPs do?
If you are an MSP that runs the affected versions of Log4j, there are some key steps you can take.
MSPs should fortify back-end defenses by applying the patches provided by software vendors that employ the affected versions as quickly as possible. Service providers should also set up alerts for probes or attacks.
The Apache Software Foundation itself has released multiple updates in recent days and it is advised to upgrade to the latest version of the Log4j tool in order to patch any vulnerabilities.
Experts are also recommending that companies limit unnecessary outbound internet traffic, which could serve some value in protecting vulnerable systems.
For MSPs, staying on top of status updates and associated technology vendor guidance will help to avoid potential supply chain attacks related to the bug. According to Apache, there is also a workaround to mitigate this vulnerability, and MSPs who feel they have been exposed should leave no effort unattended.
Companies around the globe are also stepping up in a concerted effort to confront the Log4j vulnerability. The Netherlands’ National Cyber Security Centrum (NCSC) has posted a comprehensive list on GitHub of all affected products that are either susceptible, not susceptible, are under investigation or where a fix might be available. Meanwhile, Microsoft has created a series of steps to diminish the risk of exploitation. Also useful, Huntress has created a tool to help IT departments test whether their applications are vulnerable.
Finally, as many companies navigate this latest cybersecurity threat, it is paramount to have regular communication with customers and issue guidance as it becomes available.
CloudBlue PSA is monitoring the situation
The worldwide Log4j software cleanup could take months, and according to some experts even years, because thousands of third-party software products run the code and have been affected.
While companies employ measures to mitigate and remedy the risk, it is wise for MSPs to taper down on outbound internet use in the near term. This will lower the probability of susceptibility—as with less exposure, comes less risk.
Although CloudBlue PSA does not employ Log4j in its code base and has been found to be secure against Log4j, we will be keeping an eye on the situation to ensure our customers are updated with the latest developments.
If you have any questions regarding the Log4j vulnerability, we invite you to contact firstname.lastname@example.org.
About the Author: CloudBlue PSA is the most complete cloud professional services automation (PSA) software on the market. Purpose-built with functionality to simplify every need of MSPs and Professional Services Organisations, CloudBlue PSA introduces a state-of-the-art PSA system built for today’s modern service provider. The platform empowers services organizations to scale recurring channel revenue and diminish operational complexity via its advanced product suite, which includes automated billing and reconciliation, an industry-leading customer support center and network operations center (NOC), real-time profitability analysis, and much more. CloudBlue PSA is available globally. Follow CloudBlue PSA on Twitter, LinkedIn or Website