INCIDENT

On 09 December 2021, sources identified a significant security flaw within the popular online game Minecraft. The bug allowed attackers to change messaging settings that made the Log4j logging application connect to external addresses, allowing attackers access to the system.

Tracked CVE-2021-22448 (CVSS score: 10.0), the flaw concerns a case of remote code execution in Log4j, a Java-based open-source Apache logging framework broadly used in enterprise environment applications to record events and messages generated by software applications. Because Log4j is open source (free), it is used widely. Apache Log4j is part of the Apache Logging Project. By and large, usage of this library is one of the easiest ways to log errors, which is why most Java developers use it. Many large software companies and online services use the Log4j library: Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and many more. The bug has scored a perfect 10 of 10 in the Common Vulnerability Scoring System (CVSS) rating system, indicative of the severity of the issue.

Since its initial discovery, intelligence suggests that the vulnerability has been built into Linux-based high speed robot networks (botnets), and is exploiting industrial controls, internet of things devices, and now, crypto mining systems.

Global Guardian has been actively monitoring this activity beginning approximately 24 hours before it was publicly announced, having received advanced notice from confidential intelligence sources. To date, we have blocked all known events for our current Cyber Security clients and are actively protecting all network and devices from this vulnerability through firewalls and secure workstation security software.

CORRECTIVE ACTION

The Cybersecurity and Infrastructure Security Agency (CISA) has provided Apache Log4j Vulnerability Guidance. To view, click here. In addition, we recommend:

• You disallow any gaming in your environment and close all running instances of the game and the Minecraft Launcher. Users will need to start the Launcher again, following which the patched version will download automatically.
• Anyone with an application containing Log4j immediately pays attention to this vulnerability and ensure you have a web application firewall (WAF) installed. If you have any questions, contact our team today. Global Guardian can provide guidance on installing firewalls and securing your networks. 

Latest DEVELOPMENTS

• On 26 November, the World Health Organization named the Omicron variant a "new variant of concern" after it had been identified a day earlier by scientists in South Africa. Omicron is spreading rapidly in South Africa, displacing Delta as the dominant strain among new cases, though it is unclear if Omicron originated in South Africa.
• Omicron has been detected in South Africa, Botswana, and in travelers to Australia, Belgium, Britain, Canada, Czech Republic, Denmark, Germany,  Israel, Italy, the Netherlands, Portugal, and Hong Kong. This list will grow in the coming days and weeks. 
• As a reaction to Omicron, many countries have banned flights from southern Africa, while several countries have significantly adjusted restrictions or banned all travel outright;
  
  
  • Israel - banned all foreign travelers until at least 11 December. Returning nationals must quarantine
  • Morocco - banned all incoming flights for at least the next two weeks.
  • Japan - indefinite entry ban for all foreign nationals.
  • Australia - flight suspension and entry ban for travelers and flights from southern Africa. Quarantine mandate and self-isolation requirement imposed for all international arrivals in Victoria, New South Wales, and Australian Capital Territory.

• While it is too soon to compare the symptoms and severity of Omicron to other iterations of the SARS-CoV-2 virus, Omicron has a number of mutations affecting the spike protein, raising concerns over possible immune evasion and increased transmissibility, as was seen with Delta, which currently comprises 99% of cases globally. 
• Pfizer-BioNTech expects to receive lab data on the Omicron variant within the next two weeks. It says that they can adapt mRNA vaccine within six weeks and possibly ship initial batches within 100 days in event of escape variant.
• Moderna has told investors that it is evaluating a full booster dose of original vaccine, studying two multi-valent boosters, and plans on launching an Omicron-specific booster.
• Johnson and Johnson has announced that it is already testing its vaccine’s efficacy against the new variant of concern.
• Novavax is on pace to file for U.S. EUA before 2022. It has already applied for approval in the EU and Canada. Novavax is developing a new version of its vaccine and it will begin testing and manufacturing in the next few weeks.

Security professionals say threats to candidates are growing more dire

Global Guardian President and CEO Dale Buckner is featured in a National Journal article about the rising number of threats politicians and candidates are experiencing in 2021—and the growing demand for security firms to step in and provide effective solutions, from physical protection to home security to online threat monitoring.

Situation Update

• On 02 November 2021, the U.S. Department of State declared a “Level 4: Do Not Travel Advisory” for Ethiopia, restricting U.S. Embassy personnel from traveling outside of Addis Ababa and advising all U.S. citizens in Ethiopia to leave the country.
  
  
• The advisory comes after rebel groups – the Tigray People's Liberation Front (TPLF) and the Oromo Liberation Army (OLA) – seized two strategically important towns 235 miles north of the capital along Ethiopia’s north-south A2 highway, effectively splitting the country in two. Armed conflict and civil unrest continue in Amhara, Afar, and Tigray.
  
  
• The Ethiopian central government declared a six-month state of emergency and authorities in Addis Ababa and the state of Amhara have also called on residents to register any weapons and prepare to fight. The state of emergency gives the government wide legal power to arrest anyone suspected of providing financial, material, or moral support to the rebel group. Reports of the arrests of ethnic Tigray in Addis have circulated over the past several days.
  
  
• Addis Ababa Bole International Airport (HAAB/ADD) is still fully operational; however, it is unclear if ADD will remain open to commercial flights should conflict reach the outskirts of the city. Flights are reported to be fully booked, as diplomats, expatriates, government officials, and Ethiopian citizens flee Addis.

Leading Duty of Care Company Will Support NASA Travelers With Global Medical Evacuation Services for Johnson Space Center

(McLean, VA) October 28, 2021 – The National Aeronautics and Space Administration (NASA) has appointed Global Guardian as its chosen International Medical Evacuation Services provider for Johnson Space Center (JSC)—the center of human space exploration—effective October 1, 2021 until September 30, 2023. Global Guardian, a veteran-owned, global security and duty of care provider, signed a contract worth $470,000 to provide NASA employees with medical support and evacuation services anywhere in the world.

Latest DEVELOPMENTS

• The United States will lift international travel restrictions on 08 November for fully vaccinated individuals. Those vaccines approved by the World Health Organization (WHO) will be accepted. In addition, the U.S. land borders with Canada and Mexico will re-open to fully vaccinated leisure travelers. A negative test will still be required for international air arrivals.

• Australia is expected to lift restrictions on international travel in November, several months earlier than anticipated, due to high vaccination rates inside the country. At least 58 percent of the country has been fully vaccinated, just ahead of the United States.

• Cases, hospitalizations, and deaths have all steadily declined in the U.S. Hotspots are now focused in the upper Midwest where earlier cool temperatures have led to more indoor activity. 

Situation Update

On 16 October, assailants in Port-au-Prince, Haiti kidnapped 17 members of an Ohio-based Anabaptist Christian aid group, including five children. The victims include 16 Americans and one Canadian. Local police suspect the involvement of the 400 Mawozo gang, who also kidnapped five priests and two nuns earlier this year.

Situation update

At approximately 1100 local time, sniper fire was reported against members and supporters of Lebanon’s Shia Hezbollah and the Amal Movement near the Palace of Justice in the Tayouneh area of Beirut, southeast of the city center.

CASE STUDY: GLOBAL GUARDIAN EVACUATES A CLIENT FROM INDIA TO THE US DURING A GLOBAL LOCKDOWN

Global Guardian CEO Dale Buckner credits in-country partners with the success of Global Guardian’s efforts in India: “An on-the-ground presence is critical to be able to successfully go the last mile when it comes to saving lives and serving clients. If you try to do this from outside the country, you are guaranteed to fail.” 

In the October edition of ITIJ's Assistance and Repatriation Review, Global Guardian describes the execution of a 24-hour, seven-stop emergency evacuation of a COVID-19-positive client from India back to the US for treatment, all while navigating an international travel lockdown.

EVACUATING EMPLOYEES FROM POLITICAL UNREST

"Ultimately, protecting employees and the business’s interests during these dire situations requires risk professionals to do the work before a crisis happens. 'If you can communicate now, you can organize now,' Buckner said."

In a Risk Management Magazine article, Global Guardian President and CEO Dale Buckner stresses the steps corporations should take to be prepared to protect and evacuate their employees in any crisis, including regular desktop exercises running emergency scenarios, like what unfolded in Afghanistan this year, and reviewing contingency plans, insurance coverage, and vendors.