SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
A new tool to help the MSP community combat Log4j
Mon, 27th Dec 2021

Datto, a global provider of cloud-based software and security solutions for Managed Service Providers (MSPs), is encouraging all MSPs to download a free script developed and made available on GitHub for any Remote Monitoring and Management (RMM) solution.

The endpoint assessment tool can uniquely enumerate potentially vulnerable systems, detect intrusion attempts, and inoculate Windows systems against Log4j attacks.

The zero-day vulnerability in the Apache Log4j logging framework was found on December 10. The bug, which allows malicious actors to exploit vulnerable systems remotely, has been given the highest severity score, and governments have issued alerts globally.

Datto first declared its products safe for use within the critical 24 to 48 hour period following the vulnerability disclosure. The company immediately began sharing active threat intelligence with the MSP community about attacks it observed to help them understand the Log4j threat and how it was being exploited.

"Datto packaged quality contributions from the security community into an MSP-friendly form and released two different versions of an endpoint assessment tool to help partners and all MSPs detect and respond to potential exploitations," says Datto chief information security officer, Ryan Weeks.

"The adoption of the component created for Datto RMM has been utilised by almost 50% of all Datto RMM partners, which represents millions of scans of endpoints by MSPs for vulnerabilities at client-sites that are small and medium businesses," he says.

"The adoption rate of the Datto RMM component tool has been tremendous, with half our Datto RMM partner base utilising it to scan protected endpoints. I'm hearing from partners that say they finally feel empowered to respond to this emerging threat with this tool."

He says from a community defence perspective, they want to make effective response tools broadly available to help every MSP in the channel to become more secure and to withstand cyberattacks.

"It's a chief priority at this time to encourage all MSPs to take advantage of the tools we've made available in Datto RMM and on GitHub to protect themselves and their clients. RMMs offer a key systems inventory and response capability that makes it easy to view, manage, and secure your endpoints during critical events."

Datto's tool goes a step further, unlike other scanners, scripts, and tools made in the wake of Log4Shell, which only scan the system for insecure JAR files. It provides the ability to search the contents of server logs to detect intrusion attempts and inoculate Windows systems against Log4j attacks.

Weeks says he's pleased to see some great information sharing and that the community is really coming together. However, he says the Log4j response will require diligence for weeks to come as more vulnerabilities are released, nuances in the mitigations are understood, and exploits evolve.

Datto provides the following advice for MSPs:

  • Update all Java applications which use Log4j.
  • Restrict outbound network access from affected hosts, so Java classes cannot be downloaded from remote locations.
  • Talk to your vendors about their posture regarding Log4j and how they are assessing their own vendors (known as fourth-party risk).