In the early days of December, 2021, it was announced that an important software used by developers to keep logs and records of their development on a software has a vulnerability that allows hackers to access it even remotely. LOG4J is the software hence the name LOG4J Vulnerability. This Vulnerability is ravaging windows and Linus operating systems.
Since then a lot of work has been done to introduce several patches to secure different softwares. However, despite all these patches, there have been reports in different parts of the world of breaches arising from the vulnerability. VentureBeat has reported a couple of attacks as result of the LOG4J Vulnerability which include Dridex, a malware that attacks financial institutions as reported by Cryptolaemus security research group. VentureBeat also reported that a Belgian defense ministry experienced a cyber attack which was traced to the same vulnerability.
In addition, Akamai Technology said that “certain aggressive attackers are performing a huge volume of scans, targeting Windows machines” by leveraging the vulnerability in Log4j. Uptycs Researchers have also reported the possibility of LOG4J being used to deliver botnet malwares. Checkpoint in a blog post also reported that it has discovered over 60 variations of attack arising from vulnerability listing Bitcoin mining as top of the software experiencing the vulnerability. It also reported that an Iranian state-backed hackers used the same to attack Israeli government and businesses.
Tekedia Mini-MBA edition 14 (June 3 – Sept 2, 2024) begins registrations; get massive discounts with early registration here.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
Due to the above uprising, it follows that Nigerian businesses should be proactive in dealing with these issues as they are not exempt from receiving the gift of Santa Claus being shared in cyberspace.
In this article, I will analyse the basic steps Nigerian businesses can take to stay proactive in this time.
Assessment of Software
It will be dangerous to assume your company is safe when you are not sure of the tools your developers use. Ensure that the developers conduct an assessment of all the software they use and run security tests on all of them. Check all software for scanning activities and any other sort of exploitation. Majorly, Linus and Windows are easily affected by the vulnerability but at this time it is important to do a general assessment and penetration test on all platforms.
Update Software
Several patches have been introduced by security engineers. Get updates to the patches and install patches to all affected software. Of course it is important to note that there will be several patches in the black market, it will be dangerous to just install anything. Contact your trusted software producers for updates on their software. Ensure your Infosec team (if you have any) conduct tests on all patches to be installed.
Conduct Cybersecurity Awareness
It is often said that a strong firewall is useless if the human wall is weak. Although it is the holiday season, it is of utmost importance to conduct Cybersecurity Awareness for all employees including the developers in the company. This will help all employees contribute to the safety of the company. A chain is as strong as its weakest link.
Report Data Breach
In the event you discover that a breach has occurred and personal data has been breached, report the same to NITDA. Although the Nigerian Data Protection Regulation is silent on reports of data breaches, the Implementation Framework for the Nigeria Data Protection Regulation compels you to report such data breach within 72 hours of discovering the breach. It is also important to inform data subjects where the breach will lead to high risks to the data subject.
Review InfoSec Policies
This is a time to conduct a review of all internal InfoSec Policies. Also, reemphasize the need for employees to follow all cyber security steps put in place in the policies. Policies are not meant to sit on the computers but to guide everyone in the company on compliance with Data and cyber security measures. So as you review the policies, ensure enforcement of the same.
Implement Protective network monitoring and blocking
It is suggested that businesses think about detecting exploitation attempts, and some may want to adopt defensive blocking at the HTTP or packet layers. Web Application Firewalls (WAFs) users should make sure there are rules in place to guard against this issue. Blocking URLs containing strings like “jndi:ldap” is one example. Variants of the exploit string may be able to get around current WAF regulations. As a result, WAFs should not be used as the sole control.
Businesses that understand how their servers handle typical outgoing connections may want to be sure they’re blocking unexpected outbound connections as well (particularly LDAP, LDAPS and RMI, however exploits may work over arbitrary ports). Blocking outbound connections without first knowing why they are needed may prevent exploitation, but it may also cause services to fail if they rely on them.
Conclusion
Due to this LOG4J Vulnerability, a lot of attacks and breaches may occur on the coming months. It is advised that businesses, more than ever before, sensitize their customers on how to react to phishing emails, texts and vishing calls. Board members and executive officers are also advised to ensure that their employees are putting in all proactive measures to ensure that their company is safe from the LOG4J Vulnerability. When data is shared with third parties, it will be necessary to contact such and ensure they put in place security infrastructures that will ensure that data breach is prevented. In the end, a cyber security culture is the most important for all businesses at this time.