SkyTerra’s Ongoing Response to the Apache Log4j Vulnerability

SkyTerra Technologies is providing this update in response to the recently discovered Log4j vulnerability.

SkyTerra's response to the Log4j vulnerability

Summary

On December 9th, 2021, a remote code execution (RCE) vulnerability in Apache Log4j was discovered. This code, while submitting a crafted request, could access the system and tell it to download and execute malicious payloads.

What Is Log4j and the Associated Issue?

Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks.

The Log4j flaw, recently disclosed by Apache, allows attackers to execute code remotely on a target computer, meaning they can steal data, install malware, or take control. More information regarding the vulnerability can be found here:

What Has SkyTerra Already Done?

The SkyTerra team has deployed custom Azure Sentinel Analytics that will alert us to known exploits of the breach for our Managed Service clients.  

For those clients not directly managed with our Sentinel deployments, we have enabled log analytics and alerts in those tenants to notify those clients and SkyTerra of possible breaches.

What Is SkyTerra Going To Do Next?

After working on the Log4J issues for the past few weeks, the Microsoft Security development team has containerized their updated Log4j scanning scripts. This means the scripts are automatically updated with the newest scanning capabilities and can stop, notify, and alert attempted threats before they happen. This is a critical capability as the attacks on the vulnerability have been rapidly mutating.

What Can You Do?

To leverage this new service, SkyTerra highly recommends deploying the analytics capabilities to your environment.  We can do this for you and schedule a quick walkthrough on how to monitor, halt, and fix any potential threats.

If you are interested in having these protections applied to your environment, please contact us.