The National Cyber Security Centre (NCSC) is advising organisations to urgently assess their web servers for exposure to a new vulnerability, and to take measures to address the risk of compromise. This issue only affects organisations operating web server infrastructure and not users operating home or personal devices.
The NCSC has been working with partners across Government and the private sector to address a serious vulnerability that has been identified in Apache Log4j (CVE-2021-44228). This is an open source java logging library used by many web applications and services. The vulnerability, which Apache has subsequently released a patch to remedy, allows an unauthenticated remote attacker to execute arbitrary code with the privileges of the web server. It is likely that malicious actors will shortly begin using this vulnerability to attack webservers.
There is no evidence of any successful exploitation of this vulnerability in the State, or any effect on services or data, but the risk of eventual compromise will persist for any entity until the vulnerability is addressed.
This vulnerability poses a serious risk to the security and integrity of data and the NCSC advises that organisations urgently assess their web servers for exposure to this risk. This should include services administrated and provided by third party service providers. Apache has published an update and administrators should conduct their patch process to update to log4j-2.15.0-rc2.
Attempts to exploit the vulnerability can be detected. This is because log files for any services using affected log4j versions will contain user-controlled strings; for example, “Jndi:ldap”.
The NCSC has published a detailed advisory at: https://www.ncsc.gov.ie/pdfs/apache-log4j-101221.pdf and further details will be published on the NCSC website as they emerge over the coming days.
Anyone who has been a victim of cyber crime should report the issue to An Garda Síochána.
NOTES
The National Cyber Security Centre (NCSC) was founded in 2011 and is an operational arm of the Department of the Environment, Climate and Communications (DECC). The NCSC is responsible for advising and informing Government IT and Critical National Infrastructure providers of current threats and vulnerabilities associated with network information security.
The main roles of the NCSC are to lead in the management of major cyber security incidents across government, provide guidance and advice to citizens and businesses on major cyber security incidents, and develop strong international relationships in the global cyber security community for the purposes of information sharing. In the period since 2011, the unit has focused its efforts on building capacity and establishing a stable base for its operational work.
The NCSC encompasses the State’s National/Governmental Computer Security Incident Response Team (CSIRT-IE). CSIRT-IE is an internationally accredited response team with its main function being the enhancement of situational awareness for constituents and for the provision of incident response for national cyber security incidents. CSIRT-IE has initially focused on the State sector and acts as a national point of contact for all cyber security matters concerning Ireland.
Help support Cork Safety Alerts by becoming a member – Click Here