Businesses urged to remain vigilant as Log4Shell issues persist one year on
Thousands of businesses globally were targeted within just days of the vulnerability disclosure
One year on from the disclosure of the Log4Shell vulnerability, security researchers are urging businesses to remain vigilant amidst continued threats.
Log4Shell is a zero-day remote code execution vulnerability in Java logger Log4j – the most popular used worldwide.
Log4j is used by a myriad of organisations and woven into virtually every internet service or application, including Twitter, Microsoft, Amazon and many more.
Naturally, when news of the vulnerability broke in December 2021, organisations globally scrambled to patch the Log4j flaw, which security specialists rightly warned could have wide-reaching implications.
Researchers at Check Point recorded almost 200,000 attempts to exploit the vulnerability within just 24 hours of disclosure. Similarly, within the space of a week, hackers launched more than 1.2 million attacks globally off the back of the vulnerability.
In the wake of the disclosure, cyber security firm Sophos also detected “hundreds of thousands of attempts” to remotely execute code using the vulnerability.
Analysis by other organisations, including Cloudflare, even suggested that Log4Shell may have been exploited by threat actors for some time prior to its public announcement.
The continued threat of Log4Shell
And as the world entered the new year, businesses continued to feel the pressure. In February, Iranian state-sponsored threat actors used the flaw to target US government networks.
This particular incident allowed hackers to illegally mine cryptocurrency, steal credentials, and alter passwords.
Indeed, throughout 2022 the impact of the Log4Shell vulnerability was felt. October saw a cybercriminal group with links to the Chinese government capitalise on the flaw to launch attacks on targets in the Middle East and a host of manufacturing companies.
Research published by Tenable in November showed that the problem still lingers. As of October 2022, 72% of organisations still remained vulnerable to Log4Shell – and that includes organisations that initially patched and mitigated threats.
“As of October 2022, 29% of vulnerable assets saw the reintroduction of Log4Shell even after full remediation was achieved,” the company confirmed in a statement.
Deryck Mitchelson, Field CISO at Check Point described Log4j as a “game changer” due to the relative ease with which threat actors could target services and devices around the world.
“It is estimated that 1 in 10 corporate servers were exposed,” he said. “I think it was a wake-up call for an industry that was relatively blasé around the management of open source libraries and their use therein, and were perhaps too trusting of their vendors and the supply chain’s vulnerability.”
What made Log4Shell so impactful?
The impact of Log4Shell was particularly acute due to rapid ease of exploitation. For threat actors, no privileged access was required to exploit the zero day vulnerability.
Similarly, the vast attack surface that could be targeted also exacerbated the situation. Millions of Java applications worldwide were affected.
Enhancing cyber security in an expanding landscape
How secure connections between wireless peripherals can help mitigate cyber incidents and empower employeesFree Download
At the time, security specialists noted that the difficulty in finding bugs and patching would likely cause issues for a significant number of organisations.
Muhammad Yahya Patel, Security Engineer at Check Point said that Log4j acted as a “stark reminder that security needs to underpin all applications and services”.
“Time is of the essence in these situations,” he added. “It forced many companies to review their vulnerability patch policies; any delay could cost them significantly."
Patel said that organisations must remain vigilant and learn from zero-day vulnerabilities to avoid similar situations unfolding in the future.
“Don’t trust open source software without doing your own checks,” he explained. “It is good practice to take open source software and put your security controls around it.”
“Build software code securely right from the start to avoid any surprises in the future, and make sure any changes to the software pass through your security checks.”
2023 Strategic roadmap for data security platform convergence
Capitalise on your data and share it securely using consolidated platformsFree Download
The 3D trends report
Presenting one of the most exciting frontiers in visual cultureFree Download
The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana
Cost savings and business benefitsFree Download
Leverage automated APM to accelerate CI/CD and boost application performance
Constant change to meet fast-evolving application functionalityFree Download