On Thursday, December 9, Apache published a zero-day vulnerability (CVE-2021-44228). Known as “Log4Shell”, this vulnerability is a critical remote code execution vulnerability in Apache’s Log4j software library, which is of extreme concern to the security community due to its widespread usage and potential for exploitation.
This flaw impacts Apache Log4J, versions 2.0 to 2.14.1, a free, open-source logging library that is used by a huge number of companies, including some of the biggest tech giants. Companies have been scrambling to install patches for the bug, as threat actors scan for instances of the vulnerability, which they have used in attempts to install cryptocurrency-mining malware, as well as ransomware.
Because this vulnerability is so disruptive, RH-ISAC has prioritized the dissemination of related intelligence, including immediately creating a page for updates about Log4j in Member Exchange, RH-ISAC’s online community. Since Friday, this page has served as a hub for key updates as they are released and a place for members to collaborate about this vulnerability.
For many teams, determining whether their company or third-party vendors have been impacted has consumed their day-to-day operations. In response, regularly scheduled RH-ISAC collaboration has pivoted to focus on providing a platform for exchange about Log4j. The Weekly Intelligence Call on December 14 saw nearly three times the usual participation as analysts logged in to ask questions and hear from trusted peers discussing how they are responding to and planning for future mitigation of this threat.
Similarly, RH-ISAC’s daily intel report, which typically provides an overview of all intel shared that day, has been augmented by a daily intelligence summary featuring vetted intel surrounding the Log4j vulnerability, ensuring the information that members receive about this vulnerability is accurate and timely.
For RH-ISAC and its members, this incident is a reminder of just how important it is to belong to a community dedicated to the exchange of knowledge with the mission to protect as one.
Though these resources in their entirety are available exclusively to members, RH-ISAC, as the cybersecurity voice for the entire retail and hospitality sector, is providing limited versions of our Log4j material to companies in the industry that meet membership eligibility criteria. If you are interested in accessing this material, reach out to firstname.lastname@example.org.