Log4j - Log4Shell Alert - Just an Isolated Case?

The answer to the question of whether Log4j / Log4Shell was unique is no. Certainly, the impact of the Log4Shell vulnerability was unusual. But remote code execution (RCE) vulnerabilities are not uncommon, as the attack on Microsoft Exchange by the group known as "Hafnium" in spring 2021 also showed.

Software modules such as the currently affected library, which are embedded in many applications at once and therefore expose a broad attack surface, are likewise part of everyday IT. What is special about the Log4j / Log4Shell incident is that all of these factors come together.

Other weaknesses in everyday IT

That, at least, happens rather seldom, and it will probably (hopefully) be some time before something similar happens again. However, the probability is rising, mainly because more and more software is being developed, and it is expected to be available quickly, which is why developers rely on ready-made building blocks like Log4j. If a security gap is then discovered in such a component, it is not just one developer who is affected (as Microsoft was with "Hafnium"), but every manufacturer that embeds the component. That can be an individual company with its own purpose-built customer portal, but also the provider of a widely used application. Because more and more modules are needed, the probability that a gap becomes known in one or another of them inevitably increases.
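As an added example (not code from the page or from Trend Micro) of the exposure just described: a widely used component hides inside every product that bundles it, so the first practical step after such a disclosure is an inventory of where it actually sits. The Python scanner below walks a directory of JAR/WAR/EAR files, descends into nested archives (for instance a customer-portal WAR with the library under WEB-INF/lib), and reports each embedded log4j-core with its version and whether the JndiLookup class is still present. The two artifact paths it checks are the standard ones inside a log4j-core jar; the 2.16.0 cut-off is the scanner's own simplified rule, and the archives it scans are constructed in a temporary directory for the demonstration.

```python
"""Added example (not from the page or Trend Micro): walk a directory of
JAR/WAR/EAR files, descend into nested archives, and report every embedded
log4j-core with its version and whether JndiLookup.class is still present.
The archives scanned by demo() are constructed in a temp directory."""
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass

# Standard locations inside a log4j-core jar (facts about the artifact layout).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
# Scanner's own rule (a simplification): log4j-core below 2.16.0 that still
# ships JndiLookup.class is reported as exposed to CVE-2021-44228 / -45046.
FIXED_FROM = (2, 16, 0)


@dataclass
class Finding:
    path: str           # outer file, then "!" + each nested entry name
    version: str
    jndi_present: bool
    exposed: bool


def parse_version(v: str) -> tuple:
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0). Qualifiers are ignored."""
    nums = [int(x) for x in re.findall(r"\d+", v.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def scan_archive(data: bytes, label: str, findings: list) -> None:
    """Inspect one archive held in memory and recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return                                  # not a zip: skip silently
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.M)
            version = m.group(1).strip() if m else "unknown"
            jndi = JNDI_CLASS in names
            exposed = jndi and (version == "unknown" or parse_version(version) < FIXED_FROM)
            findings.append(Finding(label, version, jndi, exposed))
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXT):  # e.g. WEB-INF/lib/*.jar in a WAR
                scan_archive(zf.read(name), f"{label}!{name}", findings)


def scan_tree(root: str) -> list:
    """Scan every archive under root; paths are reported relative to root."""
    findings: list = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_EXT):
                full = os.path.join(dirpath, f)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    scan_archive(fh.read(), rel, findings)
    return sorted(findings, key=lambda x: x.path)


def fake_log4j_core(version: str, with_jndi: bool) -> bytes:
    """Constructed stand-in for a log4j-core jar: only the two entries we check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")   # placeholder, not real bytecode
    return buf.getvalue()


def build_sample_tree(root: str) -> None:
    """Constructed sample estate: a portal WAR bundling an old log4j-core, a
    patched jar, and a jar with JndiLookup.class removed (the documented mitigation)."""
    os.makedirs(os.path.join(root, "lib"))
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", fake_log4j_core("2.14.1", True))
    with open(os.path.join(root, "portal.war"), "wb") as fh:
        fh.write(war.getvalue())
    with open(os.path.join(root, "lib", "log4j-core-2.17.1.jar"), "wb") as fh:
        fh.write(fake_log4j_core("2.17.1", True))
    with open(os.path.join(root, "lib", "log4j-core-2.14.1-stripped.jar"), "wb") as fh:
        fh.write(fake_log4j_core("2.14.1", False))


def demo() -> list:
    """Build the constructed sample tree, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for f in demo():
        flag = "EXPOSED" if f.exposed else "ok"
        print(f"{flag:8} {f.path}  version={f.version}  JndiLookup={f.jndi_present}")
```

Run against a real deployment directory with `scan_tree("/opt/apps")`. Note that the nested case is the one that matters for the argument above: the vulnerable jar inside portal.war is invisible to a scan that only lists top-level files, which is exactly why every bundling manufacturer, not just the library's developer, has to react.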

High level of danger

For Log4j / Log4Shell, the British National Cyber Security Centre (NCSC) has prepared an interesting list of questions. It is aimed at company leaders and is intended to give boards guidance on how to deal with the situation. The background is that a security gap of this kind can threaten a company's existence, because it makes it easy for criminal actors to get into systems. On the other hand, this also has something "good" about it: if the vulnerability is "so" easy to attack, many amateur criminals exploit it to place coin miners, and in doing so they often draw attention to vulnerable systems without causing enormous damage. Professional cybercriminals, on the other hand, use the gap to get into a network and spread from there until they reach their target, without being noticed. This takes time; depending on the system and the size of the company, weeks to months. It is therefore to be expected that ransomware incidents will increase again from January.

Is Log4j / Log4Shell just a special case?

Richard Werner, Business Consultant at Trend Micro (Image: Trend Micro).

The widespread distribution of software and the wide range of uses ensure that in every company a window or door is always open somewhere for the thief. The only real question is who discovers the vulnerability first and deals with it in their own interest. Log4Shell shows once again, just like Hafnium, Kaseya and other cybersecurity incidents of 2021, that a purely preventive approach that tries to block every intrusion is difficult to implement.

Today we have to assume that somewhere, someone will find a window through which they can get in. A company's ability to identify and successfully hunt down this "thief" determines the extent of the damage they cause. Organizationally, in an emergency, one speaks of "tiger teams" or, more generally, of the Security Operations Center (SOC). Technologically, however, many of the associated activities can be greatly simplified with modern technology such as XDR (extended detection and response).

More at TrendMicro.com

About Trend Micro

As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.
