Log4j Exploits in the Wild


As you hopefully know by now, Log4Shell is a zero-day unauthenticated Remote Code Execution (RCE) vulnerability in Log4j versions 2.0-beta9 up to 2.14.1 identified as CVE-2021-44228. Log4Shell scores a perfect 10.0 on CVSS, the maximum possible criticality for a vulnerability. Since the initial vulnerability and subsequent patch, there have been several other vulnerabilities discovered and patched – visit our blog for a full timeline of events.

It’s been nearly a month since the initial vulnerability was disclosed, and exploit attempts continue to ramp up. Security firm Check Point said that over 4.3 million attempts to exploit CVE-2021-44228 have been detected thus far on nearly half of corporate networks.

Microsoft notes that exploitation is also being attempted by Advanced Persistent Threat (APT) groups and nation-state actors, as the vulnerability appears to be getting added to the malware kits and tactics that threat actors use.

Based on this data, it’s clear that threat actors are taking advantage of the vulnerability, in some cases likely faster than organizations can identify where Log4j is deployed and patch it. If you still haven’t patched your environment, we recommend doing so as soon as possible, and also monitoring closely for indicators of compromise, since working exploit code is publicly available.

How is the Government Responding?

The exploit statistics certainly are sobering, and all signs point towards continued, widespread scanning and subsequent exploitation of Log4Shell. So, how is the government handling things?

Yesterday, the Federal Trade Commission (FTC) published a blog to make their stance on the situation clear, stating:

“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.”

Essentially, organizations need to patch or otherwise adequately remediate Log4j to protect data, or else risk heavy fines like those enforced against Equifax under the Federal Trade Commission Act.

What Needs to Be Done?

In order to adequately protect your environment and the data within, patching your systems is the best course of action. Visit the Apache Log4j downloads page for the latest version, and upgrade your systems as soon as possible. To determine what systems to upgrade, you can use the scanner provided by the Cybersecurity and Infrastructure Security Agency (CISA).
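As an added example (not code from the original post, and not CISA's scanner), the following Python script walks a directory tree and flags log4j-core jars whose filename version falls inside the affected range stated above, 2.0-beta9 through 2.14.1. It assumes the jar keeps its standard `log4j-core-<version>.jar` name; it does not look inside nested or shaded jars, so treat a clean result as a starting point, not proof of absence.

```python
import re
import sys
from pathlib import Path

# Matches log4j-core-2.14.1.jar, log4j-core-2.0-beta9.jar, log4j-core-2.0-rc1.jar, ...
JAR_NAME = re.compile(
    r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(beta|rc)(\d+))?\.jar$", re.IGNORECASE
)
PRE_RANK = {"beta": 0, "rc": 1}  # pre-releases sort before the final build of the same number


def parse_version(name):
    """Turn a log4j-core jar filename into a comparable tuple, or None if it is not one."""
    m = JAR_NAME.match(name)
    if not m:
        return None
    major, minor, patch, pre, pre_num = m.groups()
    rank = PRE_RANK[pre.lower()] if pre else 2  # 2 = final release
    # e.g. 2.0-beta9 -> (2, 0, 0, 0, 9); 2.0 -> (2, 0, 0, 2, 0); 2.14.1 -> (2, 14, 1, 2, 0)
    return (int(major), int(minor), int(patch or 0), rank, int(pre_num or 0))


# Affected range as stated in the post: 2.0-beta9 up to and including 2.14.1 (CVE-2021-44228).
FIRST_AFFECTED = parse_version("log4j-core-2.0-beta9.jar")
LAST_AFFECTED = parse_version("log4j-core-2.14.1.jar")


def is_affected(name):
    """True/False for a log4j-core jar filename; None if the name is not a log4j-core jar."""
    v = parse_version(name)
    if v is None:
        return None
    return FIRST_AFFECTED <= v <= LAST_AFFECTED


def scan(root):
    """Return {path: affected?} for every log4j-core jar found under root."""
    return {str(p): is_affected(p.name) for p in Path(root).rglob("log4j-core-*.jar")}


if __name__ == "__main__":
    # Usage: python log4j_inventory.py /path/to/scan   (defaults to the current directory)
    for path, hit in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(("AFFECTED  " if hit else "ok        ") + path)
```

Anything reported as AFFECTED should be upgraded to the latest release from the Apache Log4j downloads page; a jar newer than 2.14.1 may still be subject to the later Log4j CVEs mentioned above, so check the timeline on our blog as well.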

We provide a 100% cloud-native IT endpoint operations platform for modern organizations. As a comprehensive endpoint management platform, it offers advanced software management for patch management, adding, removing, and updating software, and changing and configuring settings, along with policy management on any device or operating system, located anywhere in the world, at any time. With the push of a button, IT administrators can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in the day. If you want to know more, click here.

© 2023 SRC Cyber Solutions LLP. All Rights Reserved.