www.extrahop.com
34.210.210.110
Public Scan
URL: https://www.extrahop.com/company/blog/2021/log4j-security-exploit/
Submission: On December 13 via api from US — Scanned from DE
Form analysis
2 forms found in the DOM
Name: untitledForm-1367515949663 — POST https://s1701.t.eloqua.com/e/f2
<form method="POST" id="form107" name="untitledForm-1367515949663" role="form" action="https://s1701.t.eloqua.com/e/f2" class="reset-disabled" data-parsley-validate="" data-parsley-trigger="focusout" data-onload="extrahop.undisableForm" novalidate="">
<input type="hidden" name="elqFormName" value="untitledForm-1367515949663">
<input type="hidden" name="elqSiteId" value="1701">
<input type="hidden" name="elqCampaignId">
<input type="hidden" name="campaignId" value="70180000001EqjnAAC">
<input type="hidden" name="elqCustomerGUID">
<input type="hidden" name="elqCookieWrite" value="0">
<input type="hidden" name="GA_Medium" value="">
<input type="hidden" name="GA_Source" value="">
<input type="hidden" name="GA_Campaign" value="">
<input type="hidden" name="GA_Content" value="">
<input type="hidden" name="GA_Term" value="">
<input type="hidden" name="GA_Product" value="">
<input type="hidden" name="GA_Region" value="">
<input type="hidden" name="GA_Funnelstage" value="">
<input type="hidden" name="GA_Version" value="">
<input type="hidden" name="gclid" value="">
<input type="hidden" name="FormURL" value="">
<input type="hidden" name="uniqueid" value="">
<input type="hidden" name="adgroupname" value="">
<input type="hidden" name="redirectUrl" value="https://www.extrahop.com/company/newsletter-signup-success/" data-sync-host="www">
<div class="inline-input">
<div class="form-group email">
<input id="email" class="form-control garlic-auto-save" name="email" type="email" required="" placeholder="Email Address">
</div>
<div class="form-group">
<input type="submit" class="btn btn-basic" value="Subscribe" data-track-newsletter-subscribe="">
</div>
</div>
</form>
<form>
<input class="st-default-search-input st-search-set-focus" type="text" value="" placeholder="Search this site" aria-label="Search this site" id="st-overlay-search-input" autocomplete="off" autocorrect="off" autocapitalize="off">
</form>
Text Content
BLOG
DEFEND AGAINST LOG4J EXPLOITS
* Jeff Costlow
* December 10, 2021

A zero-day vulnerability referred to as Log4Shell in the commonly used Java-based utility Log4j (CVE-2021-44228) has been disclosed. An attacker using a Log4j exploit can remotely execute code that, once deployed, can grant the attacker full control of the server, making the flaw a critical and widespread cybersecurity threat. Proof-of-concept Log4j exploit examples are already available, and attackers are believed to be actively targeting vulnerable systems.

The flaw allows an attacker to abuse the Java Naming and Directory Interface (JNDI) API to make Log4j execute arbitrary malicious code supplied by the attacker. Current analysis suggests the payload is delivered via LDAP or RMI: the lookup goes to a remote server that then redirects JNDI to a second server, over HTTPS or another protocol. An emergency patch has been released by Apache.

Because Log4j is ubiquitous in commonly used Java apps such as Jira, iCloud, and Minecraft, many users have the software deployed and are unaware that it is running in their environment. While the total impact on affected applications and devices is not yet known, further proofs-of-concept indicate that attackers may be able to target physical devices such as iPhones, in addition to cloud-based services and apps, deepening the potential risk.

Reports quickly surfaced of observed scanning behavior:

REMEDIATION AND DETECTION

Log4j exploits have been discovered using alternate ports or evasion encodings, as well as using TOR to hide identifying details. Immediate updates of software containing the Log4j utility are recommended; however, because of complex supply chain dependencies, vulnerable users depend on their suppliers to patch systems and release the necessary updates. Unfortunately, many users lack awareness of which applications are vulnerable. Behavior transparency could reduce software supply chain risks. Understanding the baseline behavior of affected applications can help organizations identify indicators of compromise associated with this flaw, which is where machine-learning-based detections from a network detection and response solution can assist.

ADDRESSING LOG4J WITH EXTRAHOP REVEAL(X) 360

Reveal(x) transaction records can be searched for JNDI calls, which provides a starting point for investigating potential exploit attempts. If new JNDI calls to external endpoints are observed, the external IPs should be blocked immediately. If JNDI calls are an expected behavior, further investigation may be required to determine whether the activity is malicious or benign.

ExtraHop is releasing a Threat Briefing and a detector for the vulnerability, which will be deployed automatically for Reveal(x) customers. The ExtraHop Threat Research Team is closely monitoring for new PoCs and will provide updates as more information becomes available. Due to the widespread nature of this CVE, ExtraHop advises that all organizations assume the Log4j exploit has been used against them and continue to actively monitor their networks for signs of compromise.

* Posted in Cybersecurity, Security Alerts, NDR
* See other posts by Jeff Costlow