Zero-day threats are becoming increasingly commonplace in the cybersecurity industry. It’s no longer if malicious actors will strike, but rather when.  

On December 9, 2021, Chen Zhaojun, a member of Alibaba’s Cloud Security team, found an exploitable flaw in Apache’s log4j. His discovery set off fireworks in the cybersecurity community. Vendors were forced to work around the clock to create a patch to fix this vulnerability…FAST. The official designation of the log4j vulnerability is CVE-2021-44228. On the Common Vulnerability Scoring System scale of 1-10, 1 being the lowest severity, and 10 being the most critical severity, log4j scored a severity rating of 10. In fact, this vulnerability was deemed so bad that Jen Easterly, Director of Cybersecurity, at the Cybersecurity and Infrastructure Security Agency (CISA), said, “It’s one of the most serious” that she’s seen in her “entire career.” 

What is log4j? 

Apache’s log4j is a free and open-source logging library, used in various industries. Log4j provides a free source for computer engineers to audit code and test for bugs. The greatest irony of this incident is that the “bug-detector” had a bug, which turned out to be a zero-day remote code execution vulnerability. According to Bitdefender researchers, this vulnerability, “Allows attackers to download and run scripts on targeted servers, leaving them open to complete remote control.”  

Who was impacted by log4j? 

It is no surprise that log4j impacted some of the largest companies including Apple, Twitter, Amazon, LinkedIn, and CloudFlare. Also, Dragos Intelligence said, “This cross-cutting vulnerability, which is vendor-agnostic and affects both proprietary and open-source software, will leave a wide swathe of industries exposed to remote exploitation, including electric power, water, food and beverage, manufacturing, transportation, and more.” Log4j’s potential ramifications are alarming. 

How was STS prepared for Log4? 

We proactively monitor vulnerabilities and threats 24/7/365. In addition to actively monitoring common vulnerabilities and exposures (CVEs) to identify any zero-day attacks, we also track the Center for Internet Security’s announcements and prevention methods, and other security-related communities. Our ongoing vigilance enables us to quickly locate, investigate and remediate any emerging threats.  

Because of our strong cybersecurity practices, processes, and partner relationships, we were prepared to respond immediately to neutralize the log4j threat. Our early awareness and detection capabilities were key to our quick threat detection. In addition, our dedicated and committed, highly trained team, along with our close relationship with our STS Security partner, enabled us to respond swiftly and decisively. When it comes to cybersecurity, we mean business. 

What steps did STS take to remediate log4j? 

In the log4j case, we worked with our security partner in identifying and investigating the threat as well as on validating the remediation process. Then, our team of engineers created a remediation implementation plan, which they immediately acted on. The entire team worked nonstop through the night till early morning to ensure that the log4j threat had been eliminated.  

Here are the steps we followed to remediate log4j: 

1. Identify (Worked with STS Security Partner) 

• Activated STS’ CIRT (Cyber Incident Response Team) to review the CVE and its severity. 
• Deployed scanning tools to identify the vulnerability on our client’s and STS owned environments. 
• Reviewed those same environments for any signs of a threat actors trying to breach the front door using the log4J vulnerability.  
• Determined which areas were exposed and worked with vendors to obtain patches for these systems. 

2. Mitigate 

• Worked with all vendors to test and deploy patches to non-production systems to ensure system availability post patching. 
• Deployed the CIRT to develop and document a plan for remediation activities across all impacted systems and platforms. 
• Locked down the entire environment and patched all production systems as soon as patches were available.  

3. Containment 

• Ran all newly patched systems through multiple levels of confirmations to prove threat was neutralized. This included re-running all scans performed in the initial identification stages. 
• Reviewed results and validated findings with STS’ Security Team including both internal and external cybersecurity parties. 

How is STS preparing for the future of Cybersecurity, while keeping current with technological changes? 

We are always preparing for the next cyberthreat. We understand that we are as much, if not more of a target, than our clients. We must actively engage in the cyber security community to effectively help our clients, and our team members stay on top of the latest threats.  

Your company’s cybersecurity risk can increase in the blink of an eye. New technological advances can improve our lives, or, in the wrong hands, could destroy us too. In a matter of days, a new global cybersecurity vulnerability can put any company at risk. Cyber criminals are not prejudiced, only opportunists that will happily target any business in any industry. We invest in our company to have the best people, most up-to-date technological resources, and the best training, to fight these malicious threats and actors.  

What separates STS from other Managed Services Providers? 

Our company is built upon our core values, which are embodied by our entire team. Our Statement on Standards for Attestation Engagements (SSAE)-19 certification illustrates our commitment to cybersecurity at every level of our business. Earning this certification demands a serious time and resource commitment, which is why we are the Only Legal Focused Managed Services Partner in the Los Angeles County area that holds it. We value the rigor of the SSAE-19 certification process. We appreciate meticulous training, and recognize the SSAE-19 guidelines, which will be the foundation in eliminating the worst cyber threats. Therefore, we are excited to start our journey on achieving the latest SSAE certification and look forward to continuously being at the forefront of cybersecurity.  

Not only do we invest heavily in increasing our clients’ cybersecurity maturity to reduce their overall risk, we commit to ensuring that we achieve and maintain a high cybersecurity maturity level company wide. We prove ourselves each year through an annual audit and pass with excellence. We walk our talk and will show your firm how to do the same.  

If you’d like to learn more about our cybersecurity maturity program, please contact us here.