Getting ready for the next Log4Shell vulnerability
Cybersecurity impacts our everyday lives. Stefan Achleitner explains why AI and observability can help you prevent the next big vulnerability.
Research lead of cloud-native security at Dynatrace, Stefan Achleitner was recently a guest on the Red Hat X Podcast, talking about best practices for cybersecurity and how to predict the next big vulnerability, like Log4Shell.
As the topic is very relevant for our everyday life as humans and tech workers, we thought it would be wise to share some of the highlights of the talk and summarize some of the key points that he discussed: Why is it hard to detect new vulnerabilities? How does AI fit in the picture? And what can we do as individuals to protect ourselves?
Listen to the full episode here: Getting ready for the next Log4Shell vulnerability
Why is it hard to detect unknown vulnerabilities?
Log4Shell is a great example of a big vulnerability that went undetected for a long time in the Log4j Java library, even though this library was in use in many types of software.
It became public in November 2021, but nobody knows how long attackers knew about this vulnerability before then. And since then, we’ve already had another vulnerability that was very similar: Spring4Shell, in the Spring Framework.
The goal of cybersecurity is to be ready for the “next Log4Shell” — but how can you do that?
Detecting unknown vulnerabilities is not that easy.
Known ones are published (in lists like CVE) and this helps cybersecurity software detect them. If you are using a third-party library that is known to contain a certain vulnerability, monitoring software can notify you that you have a potentially vulnerable component.
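The known-component check described above, as an added example that is not code from the original post or from Dynatrace: a software inventory (the kind an SBOM tool emits) is matched against a list of advisories, each naming a component and its affected version range. The advisory ids, inventory lines and version ranges are constructed for illustration, and the version ordering is a simplification of real Maven/semver rules.

```python
"""Match a software inventory against known-vulnerable component ranges.

Constructed example: advisory ids are placeholders (not real CVE numbers)
and the version ranges are illustrative, not an authoritative feed.
"""
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """Turn '2.14.1' into a tuple that compares numerically.

    A pre-release such as '2.0-beta9' must sort *before* the plain '2.0'
    release, so the tuple gets a release flag: 1 for a release, 0 plus the
    suffix for a pre-release. Simplified ordering (an assumption of this
    example): pre-release suffixes compare alphabetically.
    """
    core, _, pre = v.partition("-")
    parts = [int(p) for p in core.split(".")]
    parts += [0] * (3 - len(parts))          # pad '2.0' to (2, 0, 0)
    return tuple(parts) + ((0, pre) if pre else (1,))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder id, not a real CVE number
    component: str     # "group:artifact" as in a Maven coordinate
    introduced: str    # first affected version (inclusive)
    fixed: str         # first fixed version (exclusive)

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        return parse_version(self.introduced) <= v < parse_version(self.fixed)


ADVISORIES = [  # constructed sample advisories
    Advisory("ADV-EXAMPLE-0001", "org.apache.logging.log4j:log4j-core", "2.0-beta9", "2.17.1"),
    Advisory("ADV-EXAMPLE-0002", "org.springframework:spring-beans", "5.3.0", "5.3.18"),
]

# Constructed inventory, one "group:artifact version" per line.
INVENTORY = """\
org.apache.logging.log4j:log4j-core 2.14.1
org.apache.logging.log4j:log4j-core 2.17.1
org.springframework:spring-beans 5.3.18
com.example:internal-lib 1.0.0-rc1
"""


def find_vulnerable(inventory: str, advisories=ADVISORIES) -> list:
    """Return (component, version, advisory_id) for each inventory line
    whose version falls inside an advisory's affected range."""
    hits = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        component, version = line.split()
        for adv in advisories:
            if adv.component == component and adv.affects(version):
                hits.append((component, version, adv.advisory_id))
    return hits


if __name__ == "__main__":
    for component, version, adv_id in find_vulnerable(INVENTORY):
        print(f"{component} {version} matches {adv_id}")
```

Only the log4j-core 2.14.1 entry is reported; the 2.17.1 build and the already-patched spring-beans fall outside their ranges, and a component with no advisory at all is exactly the case this kind of check cannot see.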
As you can imagine, it’s hard to detect something that’s unknown, for the very reason that you don’t know what you should look for.
However, the good news is that research in cybersecurity is constantly making strides. Thanks to new technology, like AI and observability, we are now starting to detect attacks while they are happening and stopping them at a very early stage.
Observability, AI and cyber defense
Monitoring and observability are key factors in keeping your software secure. You can look at a system from many different points of view, which is something that a simple antivirus program cannot do. An AI can then correlate this observability information with all known vulnerabilities and see if certain libraries are being used by your software.
If you monitor what users are really sending to an application, Dynatrace’s attack detection capability can detect if they are sending something to a potentially vulnerable app component or third-party library. It identifies that an exploit could be happening, without knowing the specifics of the vulnerability, and stops it in its tracks.
The benefit of AI is that it can detect the unknown. The whole security industry is mostly based on standard firewalls or anti-virus systems, which are themselves based on matching signatures: they look for patterns from previous attacks and check whether the patterns seen in certain activities match those. AI, instead, learns on the basis of multiple known attacks and known malicious patterns and can generalize this information. It can detect whether something is a potential new threat or a zero-day attack.
However, one challenge with AI is that it can also make mistakes and not always be right. Deep learning makes it hard to determine why a machine learning system decided something could be dangerous. And false positives can have a really bad impact. For example, if an AI determines Outlook is malicious, it could start blocking all email traffic in the whole organization.
What can an individual do to prevent cyberattacks?
It’s important to note that cyberspace is not only about technology: the human factor is a critical ingredient. At a technological level, many threats can be controlled with firewalls and anti-virus software, but if somebody, for example, shares a password online, technology cannot do much against it.
There are two major categories of cyberattacks that people should be aware of:
1. Targeted attacks on companies or high-profile individuals
2. Untargeted attacks on anybody who falls for them
For the average person, the threat of a targeted attack is much lower, so you should be more aware of untargeted attacks. This includes phishing emails, malicious links or apps in an app store, scam websites, etc.
Stefan shares some best practices that everybody should be aware of:
1. Keep your software up to date.
Software companies release updates regularly, and frequently this is because vulnerabilities have been fixed. Outdated versions can make you vulnerable to attacks. This tip is true for both software users and software development companies: it’s important to make sure that all third-party components you are using are up to date, so use tools that help you keep up with updates.
2. Principle of least privilege
Only give users the minimum number of permissions that they need to do their tasks. And don’t forget to remove permissions if they aren’t being used or the employee has left the company.
3. Be careful of what you share on social media.
Anything you share on the internet could be used against you in a cyberattack, so tread carefully with what information you share.
The good news is that people are getting more aware of cybersecurity. Now that everybody’s personal data is online, as soon as there is a leak or an attack, it is splashed across all media channels, which raises the awareness of cybersecurity among the general public.
Cybersecurity will continue to be a pressing topic both in tech and in our everyday lives, as software becomes more and more complex, thus expanding the attack surface. But the other good news is that companies like Dynatrace are working hard to make software more secure and safer to use for everybody.
Getting ready for the next Log4Shell vulnerability was originally published in Dynatrace Engineering on Medium.