MBA Response to Recent IT Interruptions

Last week, Amazon Web Services experienced a multi-hour outage that affected retail business and online service providers, including Netflix, Ticketmaster, Disney+ and Ring.

Additionally, a recently discovered vulnerability (CVE-2021-44228) in the Log4j library is currently being exploited and has been rated 10 out of 10 in severity.  Log4j is a Java library that is widely used for logging error messages in applications. Many enterprise software applications (including IBM, Oracle, and VMware), hardware providers (like Cisco) and other open-source frameworks (including Apache Struts and Apache Solr) are vulnerable to this attack.

Amazon reported the outage was the result of “an automated activity to scale capacity of one of the AWS services hosted in the main AWS network triggered an unexpected behavior from a large number of clients inside the internal network.” (https://aws.amazon.com/message/12721/).

The challenge with Log4j is that vendors will take time to evaluate and provide updates/mitigations to their products, leaving affected companies at risk.

The Mortgage Bankers Association works with several third-party servicers whose operations were briefly interrupted as a result of the AWS outage or impacted by the Log4j vulnerability. MBA worked closely with these companies in monitoring the situation as it unfolded and ensured that all MBA software and hardware products were protected. There was no interruption in MBA operations.