Omega Systems Alert about Log4j Vulnerability

.

Dear Omega Systems Customers,

Our team has been working diligently to identify and remediate systems susceptible to the vulnerability known as Log4J. Below is a recap of efforts and tasks completed by Omega Systems to ensure the security of our systems.

Within 24 hours of public disclosure of the Log4J vulnerability, our IPS vendors Trend Micro and Fortinet released signatures to detect attacks related to Log4J. Those signatures were installed and activated immediately by our Data Center Team. Our SOC Engineers audited Smart Host and Smart Secure customer firewall policy configurations to ensure the IPS signature was installed and configured to block or quarantine attackers’ IP addresses that match the IPS filter.

Our Security Operations Team began reviewing all externally facing servers utilized for customer access and system management and remediated all vulnerable externally facing systems. Utilizing our vulnerability management scanners, we have scanned our Smart Host and Smart Secure customers external IP ranges looking for systems vulnerable to Log4J. If your system was identified as being vulnerable, our SOC Engineers have already reached out to you to discuss mitigation. As of now all externally facing portals hosted by Omega Systems for customer and data management have been confirmed protected against the Log4J vulnerability.

Yesterday afternoon through our security partnerships we received a list of source IP addresses known to exploit the Log4J vulnerability. Those IP addresses have been entered into our Data Center IPS blocklist and will continue to be updated as new threat intelligence is shared with Omega Systems. Our SOC Engineers are reviewing firewall traffic logs to identify potential or successful exploitation of systems based on IOC threat feeds. The volume of attempted attacks related to Log4J is widespread, within 12 hours our systems identified and blocked 200+ potential attacks against our customer’s hosted environments.

Currently our focus is on remediation for internal management systems that are not externally facing but provide services to our customers. Several VMware products have been identified as vulnerable to Log4J, we are reviewing the usage of those products and implementing the recommended mitigations. It is important to note that our EDR+ offering powered by SentinelOne has confirmed it will detect and stop any attacks related to the Log4J vulnerability.

If you have any questions regarding the Log4J vulnerability and the impact to your network, please feel free to reach out to our Service Desk or your Technical Account Manager. Thank you for being an Omega Systems customer and the opportunity to protect your network.

Omega Systems is aware of the Log4j Vulnerability and we are reviewing all systems and implementing the recommended changes by the vendors. While we wait on new definitions from all vendors, we have already confirmed that the Data Center IPS has signatures to block this attack. We will provide updates as new information becomes available.

If you would like to read about the vulnerability further, please follow the link below for more information. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

We appreciate your business and apologize for any inconvenience this may be causing you. If you have any questions, please email us at servicedesk@omegapa.com or if your issue requires immediate assistance please call us at 484.772.1110.

Thank you,

OMEGA SYSTEMS Office 610.678.7002 | Service Desk 484.772.1110

Omega Systems is dedicated to providing excellent customer service experiences. If you are receiving this email, you are a valued client and recipient of our services.

If someone within your organization is not receiving these important emails and should be added to the contact list, please contact your Technical Account Manager to have them added.