Log4Shell Vulnerability To Have Massive Impact Into 2022 And Beyond

By | Managed Services News

Dec 15

Thousands of applications, libraries and frameworks use log4j.

The worst is yet to come from the Log4Shell vulnerability, which already is having a massive effect on the tech industry.

Netwrix's Dan Piazza

So says Dan Piazza, technical product manager at Netwrix. Last week, researchers discovered a zero-day exploit in the popular Java logging library log4j. It allows remote code execution (RCE) when an application logs a certain string.

Exploiting this Log4Shell vulnerability is as simple as getting an application that uses log4j to log a special string, Piazza said. After that, the attacker will have RCE on a completely breached server.

UKG, the parent company of workflow management solutions provider Kronos, has been hit with ransomware. Although the company isn’t confirming it, reports suggest the ransomware attack exploited the Log4Shell vulnerability.

“UKG recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers,” a UKG spokesperson tells us. “We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts. We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services.”

Eddy Bobritsky is CEO of Minerva Labs.

Minerva Labs' Eddy Bobritsky

“Ransomware attacks are becoming bolder and more sophisticated, using evasive malware techniques to get around regular EDR antivirus solutions,” he said. “As we can see here (UKG), even with quick detection and immediate action, a small ransomware attack can result in damages that can take ‘up to several weeks to restore system availability.’ This is why, despite its difficulty, it is important to start moving toward a prevention approach, rather than a detect and respond one.”

Log4j Used by Thousands

Thousands of applications, libraries and frameworks use log4j, Piazza said. That means the number of potentially impacted organizations is “staggering.”

“And with attackers already scanning the internet to find vulnerable targets, if organizations haven’t already started taking mitigation steps then it may already be too late,” he said.

Armis has detected Log4Shell attack attempts in over a third of its clients; moreover, it continues to see new attacks every day. The top three types of targeted devices are physical servers (42%), virtual servers (27%) and IP cameras (12%).

Armis has also spotted …
