The International SOS information security team has enabled multi-layer cyber defense systems to protect our products and services against the Apache Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228). International SOS internet-facing products and services are not vulnerable to the Apache Log4j Java library RCE vulnerability. We have also found a few internal servers vulnerable to CVE-2021-44228 (Apache Log4j), and we are in the process of remediating all identified servers, with a target date of 31 Jan 2022.
Chronological Progress on Remediation and Attack Prevention
Feb 09, 2022
The International SOS application and server patch management team has patched all applications and servers that were identified as vulnerable to the Log4j vulnerability and achieved 92% compliance. We are in the process of patching the remaining 8% of applications and servers. Currently, none of our external-facing applications are vulnerable.
Jan 05, 2022
The International SOS application and server patch management team identified all applications and servers to be patched to remediate the Log4j vulnerability and scheduled the patching for the month of Jan 2022.
Dec 22, 2021
The International SOS information security team enabled 4 monitoring rules (use cases) on the Security Information and Event Management (SIEM) system to give us near-real-time (immediate) notification of any of the following attack situations:
- Any successful Log4j attack attempts on applications
- Any successful Log4j attack attempts on network layer
- Any successful Log4j attack attempts on hosts (servers)
The International SOS information security team also activated the cyber threat intel firm to monitor any attacks or plans of attack being discussed in well-known hack/chat forums. Apart from this, our threat intel has also started monitoring paste-bin for any data or compromise information, if any, associated with our organisation and the Log4j vulnerability.
Dec 18, 2021
The International SOS information security team enabled a third layer of defence, a Host Intrusion Prevention System with specific signatures, to protect the internal servers and internet-facing products and services. Our information security team also scheduled a scan of all internal servers to identify the internal vulnerability exposure.
Dec 14, 2021
The International SOS information security team enabled two layers of defence with specific signatures to protect the internet-facing products and services:
- Web Application Firewall; and
- Network Intrusion Prevention System.
Dec 09, 2021
On Thu Dec 9, 2021, a remote code execution (RCE) vulnerability in Apache Log4j 2 was identified as being exploited in the wild. International SOS learnt about this vulnerability via peer groups on Friday Dec 10, followed by a formal notification from our threat intel partner iThreat early in the morning on Saturday Dec 11.