Security Alert: Log4j
Last Updated 3/2
As reported in the media, there has been a significant increase in major cybersecurity attacks globally. To address this threat, GW IT has been diligently evaluating university systems to ensure that we contain any potential impact from this vulnerability. We have been actively collaborating with MFA IS&T and other campus partners. We are sharing this information in an effort to keep the GW Community informed.
What is Log4j?
On December 09, 2021, a serious security vulnerability in the widely used Apache web application was discovered as a zero-day exploit and code-named Log4Shell or Log4j (CVE-2021-44228). Zero-day exploits are flaws within hardware or software that, once discovered, make systems vulnerable to malicious activity until the flaw is identified and patches can be developed. A detailed description of the Log4j vulnerability can be found on the Apache Log4j Security Vulnerabilities page.
How Does This Impact Me, and Why Is It Important?
This vulnerability may impact any online services while mitigation efforts are completed. When a system is vulnerable, it can be accessed by anyone with malicious intent. This includes theft of data and disruption of user access to an application or system. You are encouraged to ensure your devices (desktop, laptop, mobile device, and tablet) are updated to current software in a timely manner.
What Can You Do to Help?
- If you notice any suspicious activity on a system you support, please contact GW IT support immediately.
- Vendors are rolling out patches/updates as fast as they can. Make sure your internet-connected devices, apps, and software are patched and up to date in a timely manner.
- Before leaving campus for the holiday break, power down or remove from the network any servers or devices that will not be in use.
- If you support systems for the GW community, like servers or 3rd party hosted applications, review your systems now and patch or implement vendor mitigations immediately. If you cannot implement mitigations or install vendor patches, please contact GW IT support immediately.
- Be on the lookout for an increase in phishing attempts. Visit our GW IT security page on how to avoid phishing for more information.
What Are We Doing?
GW IT continues to follow security best practices, including those recommended by Apache, and continues to monitor for further updates. If you manage the relationship with a SaaS vendor or run a vended product with a web interface, please continue to work with the vendor to keep your environment up-to-date and patched.
Apache released a new Log4j patch, 2.17.0, late yesterday to resolve the denial-of-service vulnerability CVE-2021-45105. This is the second patch release/update in what will likely be a recurring pattern of incremental patch releases.
Following the notice of this vulnerability, GW IT and MFA IS&T immediately began evaluating our primary systems, and identifying systems containing the Log4j vulnerability. GWeb, Banner, Webex, Zoom, Epic, and Microsoft Teams are among the applications that have been identified as not containing the Log4j vulnerability.
We’ve taken additional security measures to strengthen our protections. We added automatic blocks to our firewalls and increased monitoring of potential compromise attacks. We have set up Log4j-specific scanning that will be performed regularly. We have analyzed malicious exploit files collected by our security tools. GW IT and MFA IS&T security staff are sharing information, findings and expertise related to discovering this vulnerability, including coordinating network scans across GW and MFA networks.
GW IT system administrators and other campus partners, including 3rd party vendors, are working to identify any vulnerable GW applications. GW IT is coordinating with service providers and vendors to evaluate remediation plans, including patches and updates. GW IT and MFA IS&T will continue to monitor this situation and may take further precautionary measures as deemed appropriate.
If you need assistance or have any questions, contact GW IT support or visit us at any of our walk-in support centers.
For MFA related activities, contact MFA IS&T Security Assistance at [email protected]
801 22nd Street, NW B101
Washington, DC 20052