Whalebone’s take on the Apache Log4J flaw
The mainstream internet press has been alive this week with articles discussing the recently discovered flaw in code used by many software and hardware manufacturers including well-known brands - which creates broad vulnerability to attack by malicious actors.
The vulnerability “is one of the most serious I’ve seen in my entire career, if not the most serious. We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage” - Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency is reported to have said on a call with business leaders. Her colleague Jay Goldstein, the agency’s Executive Assistant Director for Cybersecurity noted that he expected hundreds of millions of devices to be affected.
The flaw itself
There are two especially worrying points about the flaw itself. First is that the flaw does not require an experienced or well-funded hacking operation to take advantage of, and can be exploited by those with limited knowledge and skill. Which allow hackers to easily enter their target’s computer networks and do damage. The second is that the flaw is in a section of code which is widely available and widely used in areas that make it hard to find, and may be present in older hardware or software versions, which are in use but no longer supported by the manufacturer.
While this is an especially concerning combination of risks, the Whalebone has been monitoring the flaw since it was released earlier this week. While the flaw itself is absolutely concerning, and we recommend that affected companies expend the time and resources to repair the flawed code with more secure versions, there are ways to mitigate the risk of attack while the patch is applied.
Mitigating the flaw
These methods primarily lie in the way an attacker would try to exploit this vulnerability, e.g. they may be able to enter a device or whole network, but once there, are limited in their ability to carry out malicious activities. Many attacks (no matter how they get in) do not contain the full virus, but more commonly tell the infected device to download it from somewhere. Hard code a specific address into their initial attack. While this might seem like a good idea, it leaves them vulnerable to government authorities, Internet Service providers, or other predatory hackers. In the majority of these cases, this download process requires a separate address via a “DNS request” - aka a request to the “address book of the internet” to find the right place to download the virus from. Whalebone blocks malicious DNS requests, denying the virus and its attacker a chance to complete their attack.
To learn more about how Whalebone helps your users browse without interruption – either from security or from unintended outages – schedule a demo call with our sales representatives
