Log4j and IoT Need for Urgent Action

discovered cyber vulnerability in Apache Log4j

The recently discovered cyber vulnerability in Apache Log4j, a widely used open source Java software package, has created a need for organizations to urgently assess and remediate this vulnerability across all their systems, including IoT devices. This blog highlights why there must be a rapid response to this cyber threat, how Viakoo is addressing this with its own systems and products, and how your organization can leverage automated device firmware management to quickly eliminate the threat of IoT devices being breached by the Log4j vulnerability.

This vulnerability can be exploited on IoT applications devices as well as traditional IT applications and devices. Many IoT devices use Java and the Apache Log4j component, which can be deeply embedded in the software stack used by the device. When exploited, this vulnerability allows an attacker to run arbitrary code on the device, giving full control over to the attacker. Once under control by a threat actor, the risk from a breached IoT device can be devastating; imagine the impact from changing the chemical balance in a municipal water supply, replacing real camera footage with deepfakes, or disrupting transportation systems. These dangers require immediate attention and action.

From when this vulnerability was announced Viakoo’s security team immediately commenced an investigation of its software and systems and has found no evidence of compromise. Viakoo is certified to the SOC-2 Type 2 standard, which means that the security our systems has been validated by third party auditors and that we have ongoing processes and controls in place to prevent breaches or other methods of compromising our systems.

Overview on Log4j
On December 9th 2021, Apache published a zero-day vulnerability (CVE-2021-44228) for Apache Log4j being referred to as “Log4Shell”. This vulnerability has been classified as “Critical” with a CVSS score of 10/10, allowing for Remote Code Execution with system-level privileges or sensitive information leak. 10/10 is the highest level of severity for vulnerabilities, highlighting the urgency with which this must be addressed.

Threat actors are actively trying to exploit this vulnerability, with Check Point reporting that over 100 attempts per minute are being made currently. Urgency on patching and remediating this vulnerability is a key focus in a statement issued by CISA on December 11: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability

Impact on Viakoo Products and Services
The Viakoo Service and Viakoo Agents currently deployed with customers do not use the version of Log4j that contains the vulnerable code. For this reason, our customers and service were not exposed, and do not need to take any action. If you have questions related to either of these issues, please contact us at support@viakoo.com.

How Viakoo Can Help You Defend Against Log4j
Viakoo recommends the use of asset discover solutions combined with a threat assessment solution to determine which devices in your environment are vulnerable. Knowing what you have in your inventory and if vulnerabilities are present is simply good cyber hygiene, regardless of the threat from Log4j. If you already use an asset discovery solution (such as Armis, Forescout, Claroty, Ordr, and others), the Viakoo Action Platform can perform bi-directional synchronization so that the network-based discovery data can be enhanced with Viakoo’s application-based discovery information, providing a richer understanding of your devices and how they are performing. Using together Viakoo, asset discovery, and threat assessment solutions is the best and fastest way to develop a plan on how to remediate vulnerable IoT devices.

Remediating IoT cyber vulnerabilities requires updating the device firmware; the quicker this is performed the smaller the attack surface and overall risk to your organization. Viakoo’s Device Firmware Manager (DFM) is an award-winning solution designed to automate at scale deployment of firmware updates across your entire infrastructure with a secure “chain of trust” methodology. Unlike other solutions that require “line of sight” to the devices, Viakoo’s patented technology can be deployed globally to ensure new firmware is implemented quickly – a key factor in shutting down the danger of the Log4j vulnerability.

Another critical consideration is that botnet “armies” (such as Mirai and similar ones) are being used to actively find systems that contain the Log4j vulnerability. Many such botnets are hosted on unpatched IoT systems, especially IP cameras and access control systems. Therefore, updating the firmware on your IoT devices, even if they do not use Log4j, is critically important to stopping the spread of this vulnerability (as well as ransomware and other malware). Keeping your systems on the latest and most secure firmware is a solvable problem using Viakoo’s automated DFM, and should be the foundation of any organizations ongoing cyber hygiene efforts.

Getting started is easy. Viakoo DFM is simple to demonstrate and deploy; you can sign up here (https://www.viakoo.com/request-a-demo) for your own personalized demo. Viakoo can also help with other critical cyber hygiene tasks, such as certificate deployment and management on IoT devices, password policy enforcement, and overall service assurance of your IoT systems. Log4j is yet another warning sign that the danger of unpatched and unmanaged IoT devices is too great for any organization to tolerate; Viakoo is ready to help you eliminate this risk and create sustainable IoT cyber hygiene.

Share this