The National Cyber Security Centre (NCSC) is advising organisations to urgently assess their web servers for exposure to a new vulnerability, and to take measures to address the risk of compromise. This issue only affects organisations operating web server infrastructure and not users operating home or personal devices.
The NCSC has been working with partners across Government and the private sector to address a serious vulnerability that has been identified in Apache Log4j (CVE-2021-44228). Log4j is an open-source Java logging library used by many web applications and services. The vulnerability, for which Apache has subsequently released a patch, allows an unauthenticated remote attacker to execute arbitrary code with the privileges of the web server. It is likely that malicious actors will shortly begin using this vulnerability to attack web servers.
There is no evidence of any successful exploitation of this vulnerability in the State, or any effect on services or data, but the risk of eventual compromise will persist for any entity until the vulnerability is addressed.
This vulnerability poses a serious risk to the security and integrity of data and the NCSC advises that organisations urgently assess their web servers for exposure to this risk. This should include services administered and provided by third-party service providers. Apache has published an update and administrators should conduct their patch process to update to log4j-2.15.0-rc2.
Attempts to exploit the vulnerability can be detected. This is because log files for any services using affected log4j versions will contain user-controlled strings; for example, “Jndi:ldap”.
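
The log check described above can be scripted. The following is an added example, not part of the NCSC advisory: it searches web server log lines for the "Jndi:ldap" string in any letter case, including percent-encoded forms, and reports the client address for each hit. The log format, sample lines, addresses and function names are assumptions constructed for illustration, and a match indicates an attempt, not a successful compromise.

```python
import re
from urllib.parse import unquote

# Marker string named in the advisory, matched in any letter case.
MARKER = re.compile(r"jndi:ldap", re.IGNORECASE)


def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly so encoded and double-encoded markers are seen."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def scan(lines):
    """Return (line_number, client, raw_line) for every line carrying the marker."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if MARKER.search(decode_fully(line)):
            # Assumes the client address is the first field (common/combined log format).
            client = line.split(" ", 1)[0]
            hits.append((number, client, line.rstrip("\n")))
    return hits


# Constructed sample lines (documentation address ranges, placeholder host name).
SAMPLE = [
    '192.0.2.10 - - [11/Dec/2021:09:14:02 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Dec/2021:09:14:05 +0000] "GET / HTTP/1.1" '
    '200 512 "-" "jndi:ldap://placeholder.invalid/x"',
    '203.0.113.44 - - [11/Dec/2021:09:15:40 +0000] '
    '"GET /search?q=Jndi%3Aldap%3A%2F%2Fplaceholder.invalid%2Fx HTTP/1.1" '
    '404 0 "-" "curl/7.79.1"',
    # Mentions "jndi" alone, without ":ldap", so it must not be reported.
    '192.0.2.10 - - [11/Dec/2021:09:16:11 +0000] "GET /docs/jndi-overview HTTP/1.1" '
    '200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, client, raw in scan(SAMPLE):
        print(f"line {number}: attempt from {client}: {raw}")
```

To check real logs, pass an open log file to `scan()` in place of `SAMPLE`.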
The NCSC has published a detailed advisory at: https://www.ncsc.gov.ie/pdfs/apache-log4j-101221.pdf and further details will be published on the NCSC website as they emerge over the coming days.
Anyone who has been a victim of cyber crime should report the issue to An Garda Síochána.