What did Eastern Enterprise do when the vulnerability was reported?

As soon as NCSC reported a serious vulnerability in Apache Log4J, Eastern Enterprise started to investigate the software and hardware affected by the vulnerability. We performed an initial analysis of the impacts to know whether any of the existing infrastructure components were affected with the help of vulnerabilities published by vendors.

What concrete actions have been carried out by Eastern Enterprise?

Actions performed by Eastern Enterprise are as follows:

  1. Performing checks on finding the vulnerability
  2. Implementing the Apache Log4J update wherever necessary
  3. Informing to and ensuring from our sub processors on the vulnerability fixes
  4. Ensuring that our production, test, development environments are scanned
  5. Ensuring all systems are  patched with security update
  6. Ensuring IDS/IPS is enabled on Firewall and Endpoint

This assessment showed that as we use Microsoft and Linux technology, we already patched with Apache 2.16 library wherever required and we are already away from the vulnerability.

What are the current steps?

We are monitoring and verifying with our sub-processors like the Hosting service provider whether all patches and fixes are completed and infrastructure is clean.

We continue to perform checks on operations team end-user nodes for the vulnerabilities as we did for rest environments.

Are you sure the production environment is not vulnerable?

Based on the information available from several software vendors and the scanning we did on critical priority for the production environment, as far as we know, that environment is unaffected. Out of the vulnerable list, only Elastic search, Jenkins, Docker and SonarQube were part of the vulnerable software list published by vendors. This has already been updated to be on the safer side. Also, our Elastic search, Docker, Jenkins and SonarQube services are not internet-aware and are used internally so it’s safe already. 

Our hosting provider has also ensured that as of now they have no impacts found on our environment.

Has vulnerability been exploited already?

While investigating we did not find any evidence or patterns of the vulnerability so to our knowledge vulnerability is not exploited in our environment.

Are you sure that vulnerability has not been exploited on other systems or sub-processors?

Based on the current information there is no indication that vulnerability has been exploited on other systems or our sub-processors.

Is there anything I can do for myself?

We have scanned all Infrastructure and ensured that we are not using any of the vulnerable software reported by NCSC then we suggest you scan your system for vulnerability so that your environment remains safe.

It’s always a good practice to –

  • Keep your passwords safe
  • Keep your passwords strong
  • Not to share your credentials with others
  • Keep changing your password frequently
  • Stay alert of phishing emails, apply spam policies
  • Not to open emails from unknown senders or click on any unknown links inside the email.
  • Keep System update up-to-date

Stay safe!