Jan 11, 2022

Log4j threat activity limited, but CISA says actors lay in wait

CISA officials expect to see more aggressive activity in the future, though potential threat actors may have a lower profile in the short term amid the heightened industry focus on Log4j. 
“This may be the case because sophisticated adversaries have already used this vulnerability to exploit targets and are just waiting to leverage their new access until network defenders are on a lower alert,” Easterly said. 
Easterly referenced the 2017 Equifax breach, which was revealed in September of that year but was based on an open source vulnerability discovered in March. During the Equifax attack, threat actors remained undetected inside the company’s systems for months, which CISA officials argue could be the reason why no major Log4j attacks have taken place to date.
The new disclosures by Microsoft may lead officials to reassess the immediate threat level. Microsoft identified threat activity as early as Jan. 4 and attackers are using command-and-control servers that spoof legitimate domains. CISA said earlier that it was aware of the NHS research about unknown actors targeting VMware Horizon.
Researchers from NHS Digital in the U.K. warned last week that unknown threat actors were targeting Log4Shell vulnerabilities in VMware Horizon to install webshells, opening up potential victims to attack, including ransomware, data exfiltration or other scenarios. 
Microsoft, Mandiant, CrowdStrike and other security researchers have over the past month reported nation-state activity by multiple adversaries, including China, Iran and others.
CISA officials remain focused on driving remediation of vulnerable assets as well as the adoption of strong security practices.  
Companies have been slow to track down vulnerabilities embedded in software and slow to update security patches, leaving organizations that often depend on third-party vendor relationships vulnerable to malicious attacks. 
“It is absolutely critical that organizations know what software is in their environment so they can properly patch and keep up to date,” said Chuck Everette, director of cybersecurity advocacy at Deep Instinct. “In 2021, there have been multiple vulnerabilities reported that organizations have been slow to patch, let alone identify running in their environments.”
