ZTEdge Customers – Staying Ahead of CVE-2021-44228


by Nick Kael

Posted on December 14, 2021

CVE-2021-44228 is an easily exploited vulnerability in Apache Log4j 2, a Java logging library that developers of internet services and internet-connected products use to record events in their applications, including data that users supply. The flaw lies in the library's JNDI lookup mechanism: when Log4j logs a string containing a crafted lookup such as ${jndi:ldap://...}, it resolves the lookup against a server the attacker controls, which can cause the application to load and run attacker-supplied Java code and hand the attacker full control of the server.

Hackers are Quickly Getting in on the Action

Every company that provides internet services or products that are internet-connected is at risk from this flaw. Hackers can get into their systems and once in, gather data or even steal money. And cybercriminals are seizing the opportunity: Since the vulnerability was revealed, hackers have been actively scanning the internet to find vulnerable instances of Log4j that they can exploit – and the numbers are growing by the hour.

At the time of this writing, Apache has issued a second patched release (Log4j 2.16.0) after a bypass of the initial patch (2.15.0) was discovered and assigned CVE-2021-45046. But since this vulnerability affects countless applications that are widely used by businesses and individuals, it is likely to remain unpatched and exploitable in at least some systems for a long while.

For users of exploited applications, the news is grim: once the server behind an internet service has been compromised, any user data stored on that server may be exposed. And virtually everyone uses at least one service that has already been exploited or still remains at risk of attack.

ZTEdge – Rapid Protection from New-Found Vulnerabilities

Because it affects every organization running Java workloads that use Log4j, CVE-2021-44228 is a particularly concerning vulnerability: it can be exploited easily, from anywhere in the world, to do a great deal of damage. Fortunately, ZTEdge, Ericom Software's cloud-based SASE platform, provides organizations with several crucial defenses against Log4j exploits.

The ZTEdge platform's core Intrusion Prevention System (IPS) actively monitors all traffic flows from user to application for patterns that match malicious intent. In this case those patterns include an attacker scanning for vulnerable Log4j instances, injecting a JNDI lookup string such as ${jndi:ldap://...} into input that a vulnerable application will log so that Log4j fetches a malicious Java class from an attacker-controlled LDAP server, or moving laterally inside an organization's network in search of further applications that use Log4j.

When a potentially malicious event is detected, ZTEdge stops the exploit in its tracks. Alerts may be issued, and details about the attempt, including when it occurred, the user involved and where they were located, are recorded for further investigation. Since the monitoring is provided as a cloud service, organizations that use ZTEdge receive the new detections without patching or updating anything on their side; the vulnerable Log4j instances themselves should still be upgraded, since network detection is a compensating control rather than a fix.

ZTEdge engines are continually and automatically updated to ensure they detect the very latest attack patterns. In fact, the ZTEdge security update for the Log4j vulnerability was available in the system within hours of the exploit being published to the world.

ZTEdge users also benefit from the platform's defense-in-depth capabilities, whereby multiple security controls are in place at different levels to mitigate attacks. In the case of CVE-2021-44228, besides the IPS protections discussed above, the secure web gateway (SWG) in ZTEdge Web can help prevent the vulnerability from being exploited. For instance, ZTEdge's SWG application policies can be set to block requests whose User-Agent header (a common injection point, because many applications log it) contains "jndi:ldap" or "jndi:dns", thereby stopping attacks that attempt to leverage the Log4j vulnerability through that header. Such string rules catch opportunistic scanners; because attackers also obfuscate the lookup with nested expressions and URL encoding, they should be treated as a stopgap alongside patching rather than a substitute for it.

Continued Vigilance

Our team, and the ZTEdge platform itself, will continue to monitor and deploy CVE-specific security rules based on new attack variants for all of our customers. For customers looking for additional support, or if you are looking for protection from CVE-2021-44228, please contact us.


About Nick Kael

A cybersecurity expert with over 20 years of experience in web technologies, architecture, infrastructure, networking and dev environments, Nick is responsible for solution management, technology strategy and technology partnerships. Nick was previously Symantec Group CTO for Global Service Providers, following his tenure as Director of the Chief Architect Team for Channel and Service Providers at Zscaler and an earlier position in the Symantec CTO organization. His certifications include CEH7, CCSK, BCCPP, Bluecoat Blue Knight, MCSE + Security, CCDP, CCNA, CCSA, VTP5 and VTSP5.
