Essential components: A house of cards

It can be a bother when one of your components is affected by a vulnerability. When the affected components are tightly integrated and vital to one's operation, however, they can cause trouble that severely affects daily operations.

As we have seen recently, especially with the Log4j vulnerabilities, when such components are integral to a system, the results can be catastrophic. The series of Log4j vulnerabilities, namely CVE-2021-44832, CVE-2021-45105, CVE-2021-45046 and CVE-2021-44228, resulted in what is estimated to be hundreds of millions of vulnerable devices. This caused a tumultuous period for organisations, in which significant downtime and exploited systems ran rampant. Some even had crypto-miners installed on their systems as a result of these vulnerabilities.

All essential software should be seen as a potential attack vector

When arguably one of the most popular logging tools is affected, it stands to reason that we should treat all essential and ubiquitous software as a potential attack vector. For example, whilst it is a rare attack vector these days, back in 2014 the Heartbleed vulnerability in OpenSSL (CVE-2014-0160) was running rampant. The ubiquity of this essential component caused quite a ruckus, and while many systems were patched rapidly, quite a few remained vulnerable for a long while after.

Log4j alone resulted in hundreds of millions of vulnerable devices

In fact, even back in 2017, 200,000 devices were still affected by the Heartbleed bug in OpenSSL. While some might be surprised that such a vulnerability was still present after three whole years, it shows how essential it is to patch one’s systems.

Similarly, many websites today use essential components from npm, the package manager for JavaScript. One of these libraries, “handlebars”, a popular templating engine, had a remote code execution (RCE) vulnerability last year that made it possible for malicious actors to execute code on the affected server (CVE-2021-23369). While this is only one component, there may be hundreds, if not thousands, of dependencies that could all become vulnerable at some point in the future. Constant patching is therefore vital in such situations.

Early detection and constant analysis are essential in preventing emerging threats

It is not unreasonable to think that the same will happen to the Log4j vulnerabilities and to all the coming vulnerabilities in the many essential components that we use today. Hence, it is very important to employ early detection, for example in the form of anomaly analysis and other XDR methods, as well as constant analysis. While there is an initial investment, it is likely to save organisations a lot of resources and money in the long run. From a PR perspective, it also paints a very trustworthy picture of organisations that can stay on top of emerging threats and zero-day exploits.

Author: Maxine Brandal Vågnes, Security Analyst, Sorasec

