A zero-day exploit of Apache Log4j 2 (“Log4Shell”, CVE-2021-44228) was disclosed on 9 December 2021. CISA, NCSC, ACSC, and CERTNZ have observed active exploitation of this vulnerability.

The high severity vulnerability in Log4j (a logging library present in many Java-based applications) allows for Remote Code Execution (RCE) on a server.

Log4j is present in many frameworks, making the impact widespread – Minecraft: Java Edition, Apple, Amazon, Steam, Twitter, and more are reportedly affected. The number of interdependencies around Log4j makes this vulnerability extremely serious.

A successful exploit leads to a malicious actor gaining complete, unauthenticated access to the target system and control log messages and log message parameters.

RedShield protected all customers within 24 hours

As soon as this issue was made public, RedShield engineers worked to develop and test web application shields to mitigate this high severity vulnerability. Shields were produced and tested by 08:22, Friday 10 December (EST).

We subsequently took steps to protect all customers from exploits targeting this vulnerability, and began deploying the new shields across all customer applications. This was completed for all customers by 22:18, Friday 10 December (EST).

WAFs are being bypassed. RedShield’s proprietary signatures and shields are mitigating risks.

Many organizations will use WAF signatures to try and block exploits targeting this vulnerability. However, since the vulnerability was disclosed, we have seen other WAF vendor signatures being bypassed.

RedShield’s defensive strategy has a three prong approach:

  • We use proprietary RedShield shields that escape user input for vulnerable applications
  • We use proprietary RedShield WAF bypass signatures
  • We use threat containment measures such as RedShield dynamic attacker banning.
As malicious actors continue to find innovative attack methods using this vulnerability, we are actively monitoring for new methods and developing new shields to mitigate bypass attack variants. Following our first iteration of shields for Log4j on 10 December, we are now on to our fourth iteration of defenses.

As attack signatures continue to evolve, we are analyzing and simulating attacks we have seen in the wild to continually test shielding effectiveness and develop new shields as needed. This crucial part of our managed service provides ongoing assurance that customers’ shielded applications are measurably secure.

We also understand that security should never compromise customer experience. Our security analysts fine-tune configurations for any false positives to reduce impact on legitimate users.

RedShield can shield you in 24 hours

If you have other applications using Java, we can build and apply Log4j shields for new customers within 24 hours. New customers can opt to have solely these shields for Log4j and emergency deployment slots will be filled on a “first in first served” basis.

Contact support@redshield.co to discuss emergency deployment. Solutions Architects will be available for consultation around your specific environment.

Next article: What are Dictionary Attacks? And how can you effectively mitigate them?
All Knowledge base

See how we can shield your web applications and APIs

Get a free trial or talk to one of our experts

Free trial
or
Talk to us