There are two things in this world that keep IT people up at night. One is the qualms of a hefty workload that keeps getting expanded; the other is IT system vulnerabilities. So, when vulnerabilities like the Apache log4j vulnerability are brought to light, they strike fear in the hearts of IT teams everywhere.
Computer vulnerabilities pose a security risk to any online environment. At best, they are an annoyance, and at worst, they can be a full-fledged disaster. This is because they allow bad actors to breach systems, access classified data, or perform unauthorized tasks.
In December 2021, a serious vulnerability in the popular Java-based logging library Log4j was disclosed. The Apache log4j vulnerability allowed attackers to access a target computing device and make changes remotely. The log4j exploit falls under the Remote Code Execution (RCE) category.
In this article, we will go over the basics of Remote Code Execution (RCE) and the log4j security vulnerability, what you need to know about the vulnerability, and what Y Soft is doing to ensure the safety of your printing infrastructure. Let’s jump in!
What is Remote Code Execution (RCE)?
Remote Code Execution (RCE) is a class of cyberattacks where attackers remotely execute commands to place malware or arbitrary code on an organization’s network or networked devices. In an RCE attack, sensitive data can be compromised without the hackers being required to gain physical access to your network or devices.
The impact of exploiting an RCE vulnerability can range from malware execution to an attacker gaining system privileges and full control over a compromised device. On the more serious side of a vulnerability within this class of cyberattacks, an attacker can install programs, view, change, or delete data, or create new accounts with full user rights.
Remote code execution is an umbrella for a large variety of attacks and arbitrary code. Most commonly, attackers exploit zero-day software vulnerabilities (like the Log4j exploit or the Windows Print Spooler vulnerability) to gain access to a device, network, or web application.
What is Log4j? The Vulnerability Explained
In December of 2021, a concerning vulnerability in the Java-based logging package Log4j was discovered by Chen Zhaojun from Alibaba’s Cloud Security Team. This vulnerability allowed attackers to deploy code on a remote server.
Since the discovery of this vulnerability, which you may also hear referred to as “Log4Shell”, “LogJam,” the “Apache exploit,” or the “Apache vulnerability,” bad actors have made infiltration attempts in the millions. One of the most troubling parts of this vulnerability is that it leaves a window of opportunity so wide that even hackers of low skill levels can infiltrate.
The Log4j vulnerability is severe and has been given a rating of 10 by the Common Vulnerability Scoring System (CVSS), which is the highest possible score. It is a zero-day vulnerability, which means hackers discovered it before internal teams knew of its existence; it’s an undiscovered flaw in an application or operating system, a gap in security for which there is no defense because the software developer doesn’t know it exists.
The Log4j logging library is used for logging messages within the software and is designed to communicate with other services in a system. This communication functionality is where the Log4j vulnerability exists, providing an opening for attackers to inject malicious code into the logs to later be executed on the entire system.
The Log4j Exploit & SAFEQ Cloud Remedy
Like most cloud services, Y Soft’s SAFEQ Cloud service relies on Log4j version 2 to log software information and record application activity. This is a common practice by most companies worldwide that use cloud technology.
Thankfully, Y Soft has existing processes in place to deal with print vulnerabilities like Log4j. This, combined with the expertise of our efficient internal team, allowed us to react quickly to the discovery of the Log4shell vulnerability. We have addressed this critical issue in update 3.18 of SAFEQ Cloud. All partners who rely on our SAFEQ Cloud secure printing software are strongly advised to update their gateways to version 3.18 or newer.
To keep your print infrastructure protected and cloud data security intact, upgrading to new versions of your software is critical. That way you ensure that your infrastructure is proactively protected with patches and enhancements.
All secondary SAFEQ Cloud gateways can be upgraded remotely from the SAFEQ Cloud admin web user interface. For customers relying on private cloud installation, it’s possible to do simple over-the-top upgrades. For more information on this and updating secondary gateways, refer to the SAFEQ Cloud installation and configuration guide (Partner Portal login needed).
Need cloud-high security to keep your user and company data protected? Then SAFEQ Cloud is for you.
Rely on Security in the Cloud with SAFEQ Cloud
Serious security vulnerabilities make the importance of a cloud-based managed print solution more apparent than ever. With options for remote management, high-security standard compliance, and secure pull printing, SAFEQ Cloud remains the most valuable way to ensure that your printing infrastructure remains safe and out of the reach of potential hackers.
While security in the cloud is sometimes questioned, the truth is that cloud solutions are often even safer than legacy systems. While they’re not a risk-free sanctuary, they are built to be easily managed and upgraded as issues or vulnerabilities arise. On top of that, many times vulnerabilities are addressed before they touch the users, thanks to frequent vulnerability scanning and PEN-testing.
It is recommended that existing customers who are running SAFEQ Cloud in private clouds or who have SAFEQ Cloud secondary gateways update their print environment to protect sensitive information. If you’re not already a SAFEQ Cloud user, consider how easy it is to address a critical vulnerability with a cloud solution like this one. Maybe it’s time to make a switch?
FAQs on the Apache Log4j Vulnerability
Q1) Is Log4j Still Vulnerable?
The Log4j vulnerability, or the Log4Shell exploit, is considered one of the most catastrophic software insufficiencies to date. While Apache and solution providers using Log4j in their software were quick to patch the defect in 2021, it continues to plague security and IT teams worldwide.
Apache released fixes and updated versions that remediate the vulnerability. However, thousands of systems are still vulnerable today. The log4j security vulnerability remains one of the most exploited security vulnerabilities under the Remote Code Execution (RCE) class, and as such, its impact still reverberates.
Q2) How Many Attacks Did Log4j Have?
The Log4j zero-day vulnerability took the cybersecurity world by storm. Within the first 72 hours, Log4j had seen more than 800,000 attacks. While not all infiltration attempts have succeeded, it’s clear that the number of infiltration exertions was in the millions. As of April 2022, the cybersecurity firm Rezilion claimed that over 68,000 publicly accessible systems remain at risk.
Final points
For those not running a cloud-based print system, your print environment is becoming more vulnerable to code execution vulnerabilities like the log4shell vulnerability with every print job. Reduce your risk by switching to the latest SAFEQ Cloud version and take advantage of security features that keep your data safe from the log4j exploit and other zero-day vulnerabilities.
With SAFEQ Cloud, we say NO(!) to risky business and user responsibility. The software minimizes the security anxiety for your IT and security team–and brings the responsibility of managing security in your infrastructure to the software’s developers. That’s because security is part of our “No Print Management” outcome-focused offering. Find out more about that below.