Log4Shell Vulnerability

December 14, 2021

 hero Image

As you may already be aware, there is a new and ongoing Cybersecurity threat called the Log4Shell vulnerability that we have been tracking since last week.

Below is a summary of what we know and actions we have taken.

WHAT IS IT: Log4Shell Vulnerability is a zero-day vulnerability, potentially impacting a widely used logging library found on many web servers.

WHO: Log4J is an open-source software, used by many vendors and their applications to support logging of events and activities.

HOW: This vulnerability affects a Java logging package, known as Log4j. Through this component, attackers can control log messages or log message parameters to execute arbitrary code and potentially take control of systems.

Like many vulnerabilities of this breadth and potential magnitude, the full extent of its effect has not yet been fully identified and will likely take time to be fully actualized and understood.

WHEN: On or about December 9th, a wide-spread Apache software-based vulnerability known as CVE-2021-44228, was reported.

On December 11th, the Cybersecurity and Infrastructure Security Agency (CISA) called the log4j vulnerability a “severe risk” and offered a 4-step patching guidance. (See here: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability).

Based on the current reporting as of today, December 14, 2021, neither Align nor its systems have been directly affected by this vulnerability.

WHAT TO DO:

Align Managed Service clients:

  • Align has been actively communicating with its third-party vendors and software providers to ensure they have taken appropriate actions to protect their software against this vulnerability.
  • We are actively running scans leveraging Align tools and our clients' various licensed software (Microsoft, CATO, Carbon Black, etc.) to identify any devices that have instances of the Log4JShell files. If we determine there is a potential impact to a machine or device, we will reach out to customers directly, to either remediate or shut down impacted machines.
  • For our customers that leverage Microsoft 365 E5 or Microsoft 365 E5 Security, we are using vulnerability scanning capability to not only identify but also to prevent the vulnerability from being exploited. This same protection may be available to clients that use other forms of managed detection and response.

For clients that use Align’s Guardian Network and Endpoint (in conjunction with Align’s Managed Services or as stand-alone):

  • Align Managed Services clients that are leveraging Align Guardian Managed Threat Protection will have continued 24x7x365 monitoring by our Security Operations Center (SOC) against known and unknown threats in real-time. This enables us to continuously monitor, detect and respond to suspicious activity in your network, safeguarding your critical infrastructure from malicious hackers.   
  • Align Guardian Network clients - eSentire has developed and deployed rules for MDR for Network to identify exploitation activity.
  • Align Guardian esEndpoint clients- eSentire has deployed post-exploitation rules for MDR for Endpoint, and are actively working to create additional MDR for Endpoint detections.

For clients that have in-house IT or outsource their IT function outside of Align:

  • Contact any of your third-party service providers that may have been affected and ensure that they are taking appropriate measures. Specifically, you should inquire whether any such firms are running websites or software that use the Log4j packages.
  • Remain aware and vigilant with all your routine cybersecurity controls, including patching and education.
  • If you are unable to contact your MSP, cannot get a clear answer, or have further questions about Log4j or other cybersecurity concerns, please feel free to reach out to Align at any of the methods below:

Account Management Team email: AccountMGMT@align.com
Align Managed Services Team email: help@align.com
Cyber Team email - cyber@align.com
Alex Bazay, CISO - abazay@align.com
Dan Lyons, Sales and Bus Dev - dlyons@align.com
Phone: 1 855-IT-ALIGN (1-855-482-5446)

As our work to investigate and remediate any issues caused by the Log4j vulnerability continues, we will update you with any additional details.

Thank you,

The Align Team

help@align.com

www.align.com

www.align.com/support

Additional Information and Cybersecurity Guidance: 

  • Preventing cybercriminals from infiltrating your network starts with your first line of defense, your staff. Align's clients are better equipped at dealing with current and emerging risks because they have created a robust culture of security through leveraging our Security Awareness Training
  • If you are a managed services customer, familiarize your team with our Service Desk's contact information: 
  • Explore more information on Align's Cybersecurity Advisory Practice

Tags: Cybersecurity, Business Intelligence