Why did Log4Shell send shockwaves across the world?
1. It has been assigned a CVSS Score of 10 out of 10. This rating makes it one of the biggest exploits, if not the biggest in history.
2. Hundreds of millions of devices were affected as more than one million attacks were attempted in the first days, according to Check Point. Researchers at the company said they’ve observed attempted exploits on more than 44% of corporate networks worldwide.
3. It’s one of the easiest attacks to carry out. The vulnerability is straightforward and simple to deploy. In the Minecraft video game, where it was said to be first discovered, it’s as easy as typing a line of malicious code into the public chat box during a game.
During the last three weeks, we have seen the effects of the hobby hackers and the single bad actors who are just in it for the chaos. The more insidious attack is coming, and its ripple effects will be felt throughout the world for years to come.
Sophisticated attackers are patient. They infiltrate a network in stealth mode and lie in wait. Being able to override security measures at will, they often create a backdoor into an exploited server where they can come and go and hide undetected while they comb through a network for valuable resources. Usually, this quest is data-driven, hackers will siphon off data a little at a time, sometimes taking years to carry out an attack or find a foothold for a ransomware scenario.
In tech, we are just seeing the tip of the log4shell iceberg right now. Cybersecurity experts, security professionals, and the c-suite are likely feeling they’ve booked passage on the Titanic.
So, what can you do to fight this vulnerability as a medium or small organization?
1. Stay informed of the most current developments as the situation evolves.
2. Patch and update software and hardware as soon as possible. Check for updates often. Use The BlueTeam Cheatsheet for good update information for each vendor.
3. Know where Log4j is in your environment and monitor and log everything that is happening on servers that are vulnerable to it. Any unusual activity should be deeply investigated and treated as a breach.
4. For small and medium organizations, assume there has been a breach. Activity on your servers should be constantly monitored for abnormalities and activity should be logged and monitored.
5. Know that as the bigger targets lockdown and address this vulnerability becoming less accessible to hackers, smaller companies can and will be targeted.
6. It is more essential than ever to have a tested backup and disaster recovery system in place.
The time to prepare is now.
Make no mistake, you are heading into battle and will need to stay vigilant for years to come. Ransomware attacks are coming. Finding a trusted technology partner to help you fight this war is critical to staying protected and defending against a possible assault on your organization. Click Schedule a Meeting to find out how we can help you keep your network safe.
References.
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#file-20211210-tlp-white_log4j-md
https://news.sophos.com/en-us/2021/12/12/log4shell-hell-anatomy-of-an-exploit-outbreak/
https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance