28 December 2021

What Every Business Leader Should About Log4Shell.

By Rahul Garg

In many cases, updating IT systems and installing security patches is a quiet affair with little concern for business leaders as they are more keen to get a budget approved so that the IT team can carry out this task. However, that silent approach is sometimes disrupted when a news flash emerges about a company that suffered a cyberattack or data breach due to a vulnerability in some of the software they were using. Reading such a story should immediately raise some questions for the leaders of any company. The most important are: “Is my company using this software? If so, have we applied the patch? “

The Log4Shell vulnerability case should raise these and other questions. By way of context, Log4Shell is the name given to this vulnerability that involves a piece of code – Apache’s Log4j 2 library – that is used all over the world and could perfectly be present in some software that your company uses, even without the IT staff explicitly knowing. Furthermore, it is quite easy to exploit for attackers and the consequences for companies could be very dangerous.

Cybercriminals are scanning the Internet to send malicious packets in order to compromise any system exposed to the Internet that uses a vulnerable version of this library.

In this sense, if your system processes one of these malicious packages, it may already be compromised, because the attacker has made one of their systems try to open a malicious website and download malware that could even take full control of it. In the same way, an attacker already within your network could easily move to other systems using the same attack approach.

So far, ESET’s detection systems have yielded attack attempts that seek to distribute malware, such as cryptocurrency miners, the Tsunami and Mirai Trojans, as well as Meterpreter, the penetration testing tool. It’s likely a matter of time before the attacks escalate and advanced threat actors begin attempting to exploit this vulnerability en masse. Ransomware attacks trying to exploit it have already been detected.

The time to audit and update is now

The Log4Shell vulnerability has caused companies around the world to carry out a complete audit of all the software they use and / or develop to detect the presence of vulnerable versions of the Log4j 2 library. With hundreds of thousands of recently detected attack attempts and blocked only by ESET systems, there is no time to waste in this search.

Therefore, organization leaders need to approach the IT team as soon as possible and ensure that a comprehensive search of all software assets from A to Z is being conducted. Many software development companies have already audited their products and have communicated to customers if they have been affected by Log4Shell and, if so, what mitigations customers should implement to minimize risks. That said, it’s important that your organization’s IT team look for those communications right away. It is very important that once the vulnerable versions of the Log4j library are identified the IT team updates the library to the latest version, which is currently 2.16.0 . 

Please follow and like us:
Pin Share