December 22, 2021
CSE’s Canadian Centre for Cyber Security joined cyber security partners from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the Computer Emergency Response Team New Zealand (CERT NZ), and industry members of CISA’s Joint Cyber Defence Collaborative, issuing a joint advisory responding to multiple vulnerabilities in Apache’s Log4j software library. Advanced persistent threat (APT) actors are actively scanning networks to potentially exploit these vulnerabilities and vulnerable systems.
This joint CSA expands on advice and guidance the Cyber Centre has previously issued by detailing steps that vendors and organizations with IT and/or cloud assets should volountarily take to respond to these vulnerabilities.
These steps include:
- Identifying assets affected by Log4Shell and other Log4j-related vulnerabilities,
- Upgrading Log4j assets and affected products to the latest version as soon as patches are available and remaining alert to vendor software updates, and
- Initiating hunt and incident response procedures to detect possible Log4Shell exploitation.
The CSA also provides guidance for affected organizations with operational technology (OT)/industrial control systems (ICS) assets.