Jan 4, 2022

Log4j activity expected to play out well into 2022

Security researchers say the longer-term effects of Log4j are only beginning to play out across the industry.
“As we move into 2022 we are seeing the ripples on the effects of the Log4j critical vulnerability being the new preferred threat vector for cybercriminals,” said Chuck Everette, director of cybersecurity advocacy at Deep Instinct.
Log4j downloads on Maven Central surpassed 8 million since the vulnerability was first disclosed, according to Brian Fox, CTO at Sonatype. The latest release, 2.17.1, saw the lowest adoption rate of all the releases, as a number of security researchers questioned whether CVE-2021-44832 should have been treated as a full vulnerability. The debate turned on its precondition: exploiting CVE-2021-44832 requires the ability to change the logging configuration so that a JDBC Appender points at an attacker-controlled JNDI data source, a far higher bar than the unauthenticated remote trigger of the original CVE-2021-44228.
Researchers from Checkmarx said the vulnerability created the potential for arbitrary code execution, after a dispute arose over prior claims.
Most federal agencies have patched or used alternate mitigation methods to resolve the potential exposure to Log4j issues, according to the Cybersecurity and Infrastructure Security Agency (CISA). The agencies had a Christmas Eve deadline to take remediation steps.
“Agencies have reacted with significant urgency to successfully remediate assets running vulnerable Log4j libraries, even over the holiday season, or to mitigate the majority of affected applications identified that support ‘solution stacks’ that accept data input from the internet,” a CISA spokesperson said.
In mid-December, researchers from Mandiant and Microsoft warned that nation-state actors were attempting to use the Log4j vulnerability to launch attacks against potential targets. 
CrowdStrike disrupted an attack against a large academic institution by China-based threat actor Aquatic Panda, according to a blog post from the security firm. The attack was detected amid suspicious activity involving a VMware Horizon Tomcat web server. VMware issued guidance in December regarding potential Log4j vulnerabilities connected to VMware Horizon.
“The security of our customers is a top priority at VMware as we respond to the industry-wide Apache Software Foundation Log4j vulnerability,” a VMware spokesman said in a statement. The company issued a security advisory on Dec. 10, which includes regular updates and fixes and the firm is encouraging customers to subscribe to its security advisories mailing list.
CrowdStrike researchers declined to provide any specific geographic information or other details on the attacked organization. 
“While we cannot directly state that we are seeing broader use of this particular vulnerability by espionage actors, its viability as an access method is already proven,” Param Singh, VP of Falcon OverWatch at CrowdStrike, told Cybersecurity Dive via email.
Aquatic Panda is connected to industrial espionage and intelligence collection and linked to activity starting in May 2020, according to CrowdStrike. Prior targets have mainly involved telecommunications, technology and government entities and the threat actor has relied heavily on Cobalt Strike to launch attacks, including the use of a downloader known as FishMaster, according to CrowdStrike. 
VMware officials noted that any internet-connected service that isn’t yet protected against Log4j is vulnerable, and recommended immediate patching.
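The check a practitioner wants behind the patching advice above is an inventory of which log4j-core builds are actually on disk, including copies buried inside fat jars and WARs that a filename search misses. The script below is an added example and is not code from the article, VMware, or Apache. It reads the Maven pom.properties that log4j-core ships, compares the version against the first fixed release on each branch (2.17.1, 2.12.4 and 2.3.2 for CVE-2021-44832, per the Apache Log4j security page), and also reports whether JndiLookup.class is still present, because removing that class was the interim mitigation for CVE-2021-44228 and a jar with it stripped still reports its old version. The sample jars it scans are constructed in a temporary directory with placeholder class bytes and are not real Log4j builds.

```python
"""Find log4j-core jars under a directory tree (including jars nested in fat
jars and WARs) and report whether each is at or above the CVE-2021-44832 fix.
Added example, not code from the article or from Apache."""
import io
import os
import re
import tempfile
import zipfile
from typing import Iterator, List, Tuple

# Lowest release on each maintained branch carrying the CVE-2021-44832 fix
# (2.3.x is the Java 6 branch, 2.12.x the Java 7 branch, 2.17.x for Java 8+).
FIXED = {"2.3": (2, 3, 2), "2.12": (2, 12, 4), "2": (2, 17, 1)}
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

Hit = Tuple[str, str, bool, bool]  # (location, version, fixed?, JndiLookup present?)


def parse_version(text: str) -> Tuple[int, ...]:
    """Pull `version=2.14.1` out of pom.properties and return (2, 14, 1)."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", text, re.M)
    if not m:
        raise ValueError("no version= line in pom.properties")
    return tuple(int(x) for x in m.groups())


def is_fixed(ver: Tuple[int, ...]) -> bool:
    """Compare against the fix release on the branch this version belongs to."""
    branch = f"{ver[0]}.{ver[1]}" if ver[:2] in ((2, 3), (2, 12)) else str(ver[0])
    return ver >= FIXED.get(branch, FIXED["2"])


def _walk_zip(zf: zipfile.ZipFile, label: str) -> Iterator[Tuple[str, Tuple[int, ...], bool]]:
    """Yield log4j-core hits in this archive and, recursively, in nested ones."""
    names = zf.namelist()
    if POM_PROPS in names:
        ver = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
        yield label, ver, JNDI_CLASS in names
    for name in names:
        if name.lower().endswith((".jar", ".war", ".ear")):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            with inner:  # nested archive is read in memory, nothing is extracted
                yield from _walk_zip(inner, f"{label}!{name}")


def scan(root: str) -> List[Hit]:
    """Walk `root` and return one Hit per log4j-core found, paths relative to root."""
    hits: List[Hit] = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith((".jar", ".war", ".ear")):
                continue
            path = os.path.join(dirpath, fn)
            try:
                zf = zipfile.ZipFile(path)
            except zipfile.BadZipFile:
                continue
            label = os.path.relpath(path, root).replace(os.sep, "/")
            with zf:
                for where, ver, jndi in _walk_zip(zf, label):
                    hits.append((where, ".".join(map(str, ver)), is_fixed(ver), jndi))
    return hits


def _fake_log4j_core(version: str, keep_jndi: bool = True) -> bytes:
    """Constructed fixture, not a real Log4j build: just enough metadata for scan()."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\n"
                               f"artifactId=log4j-core\nversion={version}\n")
        if keep_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    return buf.getvalue()


def build_sample_tree(root: str) -> None:
    """One unpatched jar, one patched jar, and a WAR hiding an old jar whose
    JndiLookup class was removed (the interim mitigation) but never upgraded."""
    os.makedirs(os.path.join(root, "lib"))
    with open(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), "wb") as f:
        f.write(_fake_log4j_core("2.14.1"))
    with open(os.path.join(root, "lib", "log4j-core-2.17.1.jar"), "wb") as f:
        f.write(_fake_log4j_core("2.17.1"))
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("WEB-INF/lib/log4j-core-2.12.1.jar",
                    _fake_log4j_core("2.12.1", keep_jndi=False))
    with open(os.path.join(root, "app.war"), "wb") as f:
        f.write(war.getvalue())


def demo() -> List[Hit]:
    """Build the fixture in a temp dir, scan it, and return the sorted findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return sorted(scan(tmp))


if __name__ == "__main__":
    for where, ver, fixed, jndi in demo():
        status = "ok     " if fixed else "UPGRADE"
        print(f"{status} {ver:8} jndi_lookup={'yes' if jndi else 'no'} {where}")
```

Against a real host, call `scan()` on the root that holds the JVM deployments. The limitation to keep in mind is that shaded or relocated copies of log4j-core without Maven metadata are not found this way, so this complements a class-level scan rather than replacing it; the constructed WAR in the fixture shows the case that matters most, an old jar that was mitigated by stripping JndiLookup but still needs the upgrade.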