SharkStriker Unveils its Detection and Mitigation Steps to Fight Log4j Vulnerability

WALNUT CREEK, Calif. - Dec. 20, 2021 - PRLog -- Walnut Creek CA 94956: Log4j, a commonly used logging Java library created by Apache Software Foundation, was found to have a critical vulnerability named CVE-2021-44228.

The vulnerability is quoted to be highly critical and can impact countless servers. Hence, we recommend analyzing all the Log4j logs and any outbound requests made to the library, says Mr. Kunal Popat, Co-Founder at SharkStriker.

The Log4j vulnerability is a major incident the most critical until now, as described by some reputed public sources. We as reputed cybersecurity service providers are always on our toes to detect and fight such critical risks. As soon as our threat lab researchers caught this vulnerability during their continuous threat hunting process, SharkStriker's global security operations team has been taking several steps to ensure the security of our infrastructure and our partners and customers' organizations.

● We assessed our own infrastructure to ensure that it is secure completely protected has a remediation plan and can prevent any vulnerability so that we don't become the medium through which adversaries can attack our partners.

● We crafted and deployed new detection and protection rules for our security tools and services based on the thousands of automated attack attempts caught by our Honeypot and the advice from the analyst community which included:

○ Since the vulnerability is in a Java library we created rules to identify any suspicious outbound traffic originating from a Java process.

○ We documented all the vulnerable libraries and the adjacent hashes to create detection rules to alert any outbound traffic going from the libraries to malicious IP addresses.

● We added many IOCs identified from our Honeypot and highlighted by analyst community feeds to our threat detection mechanism to enhance threat Intel feeds and ensure detection of suspicious traffic in real-time.

● We tried to mitigate the panic by quickly releasing a security advisory across our partners and customers to spread awareness about the vulnerability. The advisory precisely highlighted the brief about the Log4J vulnerability, patches, and workarounds available, and what our SOC team was doing to ensure our partners' and customers' IT environments were secure.

● We reached out to all our customers who were vulnerable to the exploit to ensure that they had upgraded the applications and applied the configuration tweaks, ensuring their protection.

● We finally made all the information about the vulnerability, including the background, impact, prevention measures, IOCs, etc., available through a blog post.

Our team has done this in the first 24 hours of the exploit release. And we know that this is a continuous process, and we will continue to take all the possible measures to secure our partners and customers.

Website: https://sharkstriker.com/