What Every Business Should Know About Log4Shell
In many cases, updating IT systems and patching vulnerabilities is something that business owners have little interest in, other than approving the IT team's budget.
This disinterested approach is sometimes irritating when breaking news comes out of another company experiencing a cyberattack or data breach due to a security flaw in some of the software they use. Reading such news immediately leads to several questions, such as "Does my company use this software? And if so, have we applied the patch?"
The Log4Shell vulnerability situation leads to even more of these troubling questions. Let's explain for starters: This vulnerability involves a worldwide piece of code (the Apache Log4j 2 library) that can be easily found in any software your company uses, sometimes without your IT staff even knowing about it. In that sense, it's unlike pretty much any other vulnerabilities that IT security teams typically deal with. Also, exploiting the weaknesses found in this code is easy for attackers and dangerous for your business.
Sitting comfortably behind computer screens in a remote location and armed with a little knowledge of the Java programming language (who may not even need to) cybercriminals can scan the internet and send malicious packets to compromise any of your exposed systems with a vulnerable version of this code library running on it. .
If your system processes such a malicious package, the attacker can now take over the entire system by allowing one of your devices to reach a malicious website and download malware, and the game is over before it even starts. Likewise, an attacker inside your network can easily break into other systems using the same attack approach.
So far, ESET detection systems have seen attackers attempting to inject malware such as Tsunami and Mirai trojans in the guise of a cryptocurrency miner or Meterpreter penetration testing tool. It seems only a matter of time before attacks intensify and swarms of advanced threat actors target the vulnerability.
https://twitter.com/ESETresearch/status/1471177220303511564
Related Articles:
- 4 Practical Strategies for Log4j Discovery
- NVIDIA, HPE Products Affected by Log4j Vulnerabilities
- Five Eyes Nations Issue Joint Guidance on Log4j Vulnerabilities
- ESET Announces 22 Cybersecurity Statistics for 2022
- APT ‘Aquatic Panda’ Log4Shell Exploit Araçları ile Üniversiteleri Hedefliyor
It's time to check and update
The Log4Shell vulnerability has caused companies worldwide to re-inspect all software they develop using vulnerable versions of the Log4j 2 library. There are hundreds of thousands of attack attempts that only ESET systems detect and block. Now is not the time to waste time updating your systems.
Businesses should conduct a full scan of all software assets from A to Z with a priority list with their IT teams. Many software development companies have already audited their products and published customer recommendations on whether they are affected and if so what mitigation measures customers should take. Your IT team needs to quickly review these advisory recommendations. You can find ESET's customer advice here.
Critically, once vulnerable versions of the Log4j library are identified, IT teams should update to the latest version of the library, currently 2.16.0. IT admins can follow the tips shared here.
Source: https://www.eset.com/tr/blog/her-isletmenin-log4shell-hakkinda-bilmesi-gerekenler/
Sign up for the e-mail list to be informed about the developments in the cyber world and to be informed about the weekly newsletter.