
CISA warns that Log4Shell remains a threat



Last week, the Cybersecurity and Infrastructure Security Agency (CISA) released a warning to organizations that malicious threat actors continue to exploit the zero-day Log4Shell vulnerability in VMware Horizon and Unified Access Gateway (UAG) to gain initial access to target systems that lack the necessary patches.

One of the most troubling elements of the report was that CISA recommends that all organizations with affected systems that have not deployed patches “assume compromise and initiate threat hunting activities.”

Above all, the statement emphasizes that businesses that have not patched Log4Shell are still at risk and should at the very least install the existing patches on their systems, if not take steps to remediate an intrusion.

A look at the history of Log4Shell

Alibaba’s cloud security team first detected the Log4Shell vulnerability and reported it to Apache on November 24 last year.

Researchers initially observed attackers exploiting Apache Log4j 2, an open source library that logs errors and events in Java applications, to remotely execute malicious code on servers and clients running Minecraft.

Although Apache patched the vulnerability on December 9, Log4Shell had already gained a reputation as a serious zero-day vulnerability, which commentators predicted “will sabotage the Internet for years to come,” with an estimated 3 billion exploitable devices.

As publicity around the vulnerability grew, threat actors began attacking businesses around the world, with Microsoft finding a rise in techniques including mass scanning, coin mining, remote shells, and red team activity.

Since then, exploitation has reduced trust in third-party cloud software to the point that 95% of IT leaders report that Log4Shell was a major wake-up call for cloud security, with 87% saying that their confidence in cloud security is now lower than it was before the incident.

Is Log4Shell still a threat today?

Although months have passed since Log4Shell was first discovered, and many organizations have deployed the necessary patches to protect their systems, most have not. In fact, a Rezilion report in April of this year found that almost 60% of the affected Log4Shell software packages were patched.

CISA’s recent warning highlights that failing to patch these systems can be costly, as threat actors are still looking for unpatched systems to exploit.

The only way to mitigate these zero-day threats is for businesses to implement an organized patching plan that patches and protects any Internet-facing servers.

“Patching is a critical part of any organization’s security plan, and devices connected to the Internet pose a serious risk to organizations and their customers, especially in the face of a known and used vulnerability,” said Erich Kron of KnowBe4.

“While patches can be difficult to install and can pose a real risk of interruption if problems do occur, any organization with Internet-facing devices should have a system and tests to significantly reduce the risk,” Kron said.

Security consequences of not patching log4j

Failing to patch exposed systems at this stage of the vulnerability’s life cycle is a serious mistake, one that indicates the organization has significant gaps in its existing security strategy.

“Patches for log4j versions that are sensitive to Log4Shell have been available since December. This includes patches for VMware products,” said Tim Mackey, chief security strategist at the Synopsys Cybersecurity Research Center (CyRC).

“Unfortunately, organizations that haven’t patched log4j or VMware Horizon yet don’t have a strong patch management strategy, and there are examples of both commercial and open source strategies or shadow deployment,” Mackey said.

Mackey points out that using media coverage to prompt organizations to address new vulnerabilities may be effective, but it cannot replace proactive monitoring of new exploits.

A look at solutions that address Log4Shell

While patching vulnerabilities is easier said than done in complex modern network environments, there are a growing number of patch management solutions that organizations can use to push patches to multiple devices remotely and efficiently.

Many organizations are already using patch management solutions to update their devices, and researchers expect the global patch management market to increase in value from $652 million in 2022 to $1,084 million by 2027.

To address Log4Shell vulnerabilities more specifically, businesses can use vulnerability scanning tools such as PortSwigger Burp Suite Pro, Nmap, and Trend Micro’s Log4J Vulnerability Tester to identify the affected files so that they can take action to correct them.

It should also be noted that well-known technology vendors such as Microsoft and Google have implemented their own custom solutions to help businesses identify and mitigate Log4j.

For example, Microsoft has expanded Microsoft Defender so that it can scan for log4j files and devices, and Google Cloud offers Cloud Logging to allow businesses to query logs for attempts to exploit log4j 2 and to issue alerts when exploitation messages are written to the logs.
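
A sketch of the file-level identification described above, as an added example that is not from the original article or from any vendor it names. It walks a directory tree, opens JAR/WAR/EAR/ZIP archives (including archives nested inside them), and reports each copy of log4j-core with its recorded version and whether the JndiLookup class is still present. The entry names it checks are an assumption about the layout of the published log4j-core artifact.

```python
import io
import zipfile
from pathlib import Path

# Entry names inside a log4j-core JAR (assumed layout of the published artifact).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def core_version(zf):
    """Return the log4j-core version recorded in pom.properties, or None."""
    try:
        text = zf.read(POM_PROPS).decode("utf-8", "replace")
    except KeyError:
        return None
    for line in text.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None

def scan_archive(data, label, depth=0, max_depth=5):
    """Yield (location, version, has_jndi_lookup) for every log4j-core copy,
    descending into nested archives such as the JARs bundled in a WAR."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # misnamed or corrupt file: nothing to inspect
    with zf:
        names = set(zf.namelist())
        version, has_jndi = core_version(zf), JNDI_LOOKUP in names
        if version is not None or has_jndi:
            yield (label, version, has_jndi)
        if depth >= max_depth:  # bound recursion on deeply nested input
            return
        for name in sorted(names):
            if name.lower().endswith(ARCHIVES):
                yield from scan_archive(zf.read(name), f"{label}!{name}",
                                        depth + 1, max_depth)

def scan_tree(root):
    """Scan every archive under root; return findings in path order."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            findings.extend(scan_archive(path.read_bytes(), str(path)))
    return findings
```

Call `scan_tree()` on an application or deployment directory and compare each reported version against the vendor's advisory; the scanner deliberately makes no judgment about which versions are fixed.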

By combining patch management solutions with active vulnerability scanning, organizations can consistently identify compromised infrastructure and exploits, such as log4j, before an attacker has a chance to use them.
