Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package Log4j (CVE-2021-44228) was disclosed, posing a severe risk to millions of products, from consumer products to enterprise software and web applications. This vulnerability is being widely exploited by a growing set of attackers.
When vulnerabilities are discovered and exploited, there is a risk of loss or breach of personal information, financial loss, and other irreversible harms. The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm-Leach-Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action. According to the complaint in Equifax, a failure to patch a known vulnerability irreversibly exposed the personal information of 147 million consumers. Equifax agreed to pay $700 million to settle actions by the Federal Trade Commission, the Consumer Financial Protection Bureau, and all fifty states. The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.

Check if you use the Log4j software library by consulting the Cybersecurity and Infrastructure Security Agency (CISA) guidance: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance. If you do use it:
The Log4j vulnerability is part of a broader set of structural issues. It is one of thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies. These projects are often created and maintained by volunteers, who don’t always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.[1] This overall dynamic is something the FTC will consider as we work to address the root issues that endanger user security.

Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as a warning to prevent other organizations and entities from falling victim to a similar attack. Organizations can also report anomalous cyber activity and/or cyber incidents 24/7 to or (888) 282-0870.
CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Recognizing that many organizations find it challenging to identify resources for urgent security improvements, we’ve compiled free cybersecurity services and tools from government partners and industry to assist. Recommended actions include:
Reduce the likelihood of a damaging cyber intrusion
Take steps to quickly detect a potential intrusion
Ensure that the organization is prepared to respond if an intrusion occurs
Maximize the organization's resilience to a destructive cyber incident
By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience. In addition, while recent cyber incidents have not been attributed to specific actors, CISA urges cybersecurity/IT personnel at every organization to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. CISA also recommends organizations visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.
For more detailed information, visit the StopRansomware.gov website, and follow the steps on the I’ve Been Hit by Ransomware! page.
Cybersecurity Advisories:
2021 Top Malware Strains
Control System Defense: Know the Opponent
Weak Security Controls and Practices Routinely Exploited for Initial Access
CISA, FBI, NSA, and International Partners Issue Advisory on Demonstrated Threats and Capabilities of Russian State-Sponsored and Cyber Criminal Actors
DOE/CISA/NSA/FBI Cybersecurity Advisory: APT Cyber Tools Targeting ICS/SCADA Devices
Sharing Cyber Event Information: Observe, Act, Report
CISA/DOE Insights: Mitigating Attacks Against Uninterruptible Power Supply Devices
Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and ‘PrintNightmare’ Vulnerability
Update: Destructive Malware Targeting Organizations in Ukraine
Joint Cybersecurity Alert: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Alert (AA22-057A) Destructive Malware Targeting Organizations in Ukraine (February 2022)
Updated: Conti Ransomware Cybersecurity Advisory
CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure (pdf) (February 2022)
CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats (pdf) (January 2022)
Alert (AA22-011A) Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure (January 2022)
Russia Cyber Threat Overview and Advisories

Cyber Preparedness Resources:
UPDATED 10 MAY Strengthening Cybersecurity of SATCOM Network Providers and Customers
National Cyber Awareness System
New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks
Cyber Essentials Toolkits
Cyber Resource Hub
CISA Cybersecurity Awareness Program Toolkit

CISA Tools:
Shields Up Technical Guidance
Cyber Guidance for Small Businesses
Cyber Incident Resource Guide for Governors
COVID-19 Disinformation Toolkit
Free Public and Private Sector Cybersecurity Tools and Services
Known Exploited Vulnerabilities Catalog

Mis-, Dis-, and Malinformation Resources:
MDM Rumor Control Page Start-Up Guide
War on Pineapple

Emergency Communications Resources:
Priority Telecommunications Fact Sheet (.pdf, 337.37kb)
Priority Telecommunications Eligibility Fact Sheet (.pdf, 684.49kb)

Why are computer systems so vulnerable? Describe the most common threats against contemporary information systems.
Wi-Fi networks can easily be penetrated by intruders using sniffer programs to obtain an address to access the resources of the network. Computer viruses and worms can disable systems and Web sites. The dispersed nature of cloud computing makes it difficult to track unauthorized activity or to apply controls from afar.
Is a form of malware that fools its victims into thinking that it is useful software from a legitimate source?
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other forms of communication. Attackers will commonly use phishing emails to distribute malicious links or attachments that can perform a variety of functions.

How could the malicious software and company insiders pose serious problems against the security of information systems?
Malicious insiders intentionally elude cybersecurity protocols to delete data, steal data to sell or exploit later, disrupt operations or otherwise harm the business.