Inside KPU’s response to the worldwide Log4j security vulnerability
AppsAnywhere and Citrix services were shut down to protect students, staff, and faculty
On Dec. 10, Kwantlen Polytechnic University’s IT department received an alert about the “widely distributed” software called Log4j being vulnerable to hackers.
Log4j is a software based on a common coding language called Java since 2001. The software is used in numerous applications and internet services such as Twitter, Apple, video games like Minecraft, and other services.
IT received the alert in an email from the Canadian Centre for Cyber Security, an organization that provides cyber security support to the government. KPU notified students on behalf of IT through email on Dec. 11 about the vulnerability and decided to shut down the programs AppsAnywhere and Citrix to ensure the systems were not impacted.
AppsAnywhere and Citrix are applications that allow people to access specific programs like Adobe software remotely that would otherwise only be accessible at school.
“This will affect all staff, faculty, and students whether they are accessing these systems remotely or on campus,” reads the Dec. 11 email.
KPU sent an update via email on Dec. 14 to students, stating that “as of 9:30 AM, Appsanywhere has been verified by the vendor and is now available again.”
Robert Ball, manager of network operations at KPU, says IT is currently in the process of bringing Citrix back online, and it will hopefully be available soon.
“This was a worldwide vulnerability that affected systems worldwide, not just KPU,” says Ball. “What happened is that the cybercriminals scan software to see if they can exploit it.”
According to the Canadian Centre of Cyber Security, there was a flaw in the coding of Log4j that allows people to control programs or web servers, making it more vulnerable to those using the services.
“So what happens in this particular case, it’s called a zero-day vulnerability, where the vendors did not have patches ready to patch the system at that particular time, and then they have to create patches and send them out to the customers,” says Ball.
To protect those who use these programs at KPU and their systems, when IT receives an alert, they analyze the system, Ball says. If they don’t have a “patch” to fix the problem, IT takes it offline to ensure others don’t use the program until it’s safe and protected again.
“The safety and security of Kwantlen students, staff, and systems are our top priority for IT,” he says.
This is the first time a vulnerability like this has affected KPU. Ball says that IT was very planned in their approach, gathering information from the Canadian Cyber Security Centre and their incident management team.
“I did not receive information from the KPU Service Desk about any significant impact to students. Our first priority was to ensure that the application was safe and secure,” Ball said in a follow-up email to The Runner.
As KPU IT and Ball continue to work on Citrix to make it available again, Ball says that although it can be hard to know ahead of time before these vulnerabilities happen, people can stay aware by staying up to date with KPU IT updates and keeping up with the news.
“What we do is we react to any alerts that we do get and address them appropriately … so we are doing our best in IT and KPU to be on top of that,” he says. “The cyber landscape out there is [that] things happen on a daily basis.”
“KPU’s computing environment is safe and secure,” Ball says.
To stay updated about the Log4j vulnerability, updates can be found on the Canadian Centre for Cyber Security website.