-
Aviation Advisory
Our dedicated Aviation Advisory team bring best-in-class expertise across modelling, lease management, financial accounting and transaction execution as well as technical services completed by certified engineers.
-
Consulting
Our Consulting team guarantees quick turnarounds, lower partner-to-staff ratio than most and superior results delivered on a range of services.
-
Business Risk Services
Our Business Risk Services team deliver practical and pragmatic solutions that support clients in growing and protecting the inherent value of their businesses.
-
Deal Advisory
Our experienced Deal Advisory team has provided a range of transaction, valuation, deal advisory and restructuring services to clients for the past two decades.
-
Forensic Accounting
Our Forensic and Investigation Services team have targeted solutions to solve difficult challenges - making the difference between finding the truth or being left in the dark.
-
Financial Accounting and Advisory
Our FAAS team designs and implements creative solutions for organisations expanding into new markets or undertaking functional financial transformations.
-
Restructuring
Grant Thornton is Ireland’s leading provider of insolvency and corporate recovery solutions.
-
Risk Advisory
Our Risk Advisory team delivers innovative solutions and strategic insights for the Financial Services sector, addressing disruptive forces, regulatory changes, and emerging trends to enhance risk management and foster competitive advantage.
-
Sustainability Advisory
Our Sustainability Advisory team works with clients to accelerate their sustainability journey through innovative and pragmatic solutions.
-
Asset management Asset management of the futureIn today’s global asset management landscape, there is an almost constant onslaught of change and complexity. To combat such complex change, asset managers need a consolidated approach. Read our publication and find out more about what you can achieve by choosing to work with us.
-
Internal Audit Maintaining Compliance with New EU Pension Directive IORP IIOn 28 April 2021, the Irish Government transposed IORP II (Institution for Occupational Retirement Provision), an EU directive on the activities and supervision of pension schemes, into law.
-
Risk, Compliance and Professional Standards FRED 82 – Periodic Updates to FRS 100 – 105The concept of a new suite of standards for the UK and Ireland, aligning with international financial reporting standards, was first conceived in 2002
-
Audit and Assurance Auditor transition: how to achieve a smooth changeoverAppointing new auditors may seem like a daunting task that will be disruptive to your business and a drain on the finance function. Nevertheless, there are a multitude of reasons to consider a change, including simply seeking a ‘fresh look’ at the business.
-
Corporate Tax
Our Corporate Tax team is made up of more than 40 highly experienced senior partners and directors who work directly with a wide range of domestic and international clients; covering Corporation Tax, Company Secretarial, Employer Solutions, Global Mobility and Tax Incentives.
-
Financial Services Tax
The Grant Thornton team is made up of experts who are fully up to date in terms of changing and evolving tax legislation. This is combined with industry expertise and an in-depth knowledge of the evolving financial services regulatory landscape.
-
Indirect Tax Advisory & Compliance
Grant Thornton’s team of indirect tax specialists helps a range of clients across a variety of sectors including pharmaceuticals, financial services, construction and property and food to navigate these complexities.
-
International Tax
We develop close relationships with clients in order to gain a deep understanding of their businesses to ensure they make the right operational decisions. The wrong decision on how a company sells into a new market or establishes a new subsidiary can have major tax implications.
-
Private Client
Grant Thornton’s Private Client Services team can advise you on all areas of financial, pension, investment, succession and inheritance planning. We understand that each individual’s circumstances are different to the next and we tailor our services to suit your specific needs.
Active Threat Campaigns
A current and expanded active threat campaign is targeting organisational infrastructures to determine the presence and future exploitation potential resulting from this weakness. Threat intelligence has additionally detected ongoing threat actor exploitations including: exfiltration of data, malware installation, crypto-miner deployment, ransomware, participation in bot nets, and taking control of the affected resources by planting back-door access tools for future use.
Grant Thornton is advising clients to activate response and remediation teams in advance of the upcoming Christmas holiday season to rapidly detect, remediate and mitigate risks associated. As this is a developing situation, additional details are forthcoming.
Background
Apache on December 9th disclosed details of the vulnerability (CVE-2021-44228) and again on December 14th (CVE-2021-45046) following discovery of incomplete patches for affected and supported products. Log4shell is an Unauthenticated Remote Code Execution (RCE) vulnerability that facilitates control of resources utilising Log4j versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0. Log4j is a logging component of Apache widely reused in multiple java-based vendor software as is likely to exist within clients’ utilised technologies. All systems, including those that are not internet facing, are potentially vulnerable.
Remediation & Mitigation
Remediation:
Java 8 (or later) users should upgrade to Apache release 2.16.0.
Users requiring Java 7 should upgrade to Apache release 2.12.2.
Apache Mitigations:
If patches cannot be deployed remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
SOC Awareness:
Enumerate any external facing devices that have log4j installed.
Make sure that your security operations center is responding to each alert on the devices that fall into the category above.
Install a web application firewall (WAF) with rules to prevent Log4j headers, body, and URLs.