As organizations grow complacent, the cyber-vulnerability is making a comeback.

In early December 2021, a security vulnerability called Log4Shell was discovered. This bug was considered to be one of the most severe security vulnerabilities ever. It’s time to cue LL Cool J and “Mama Said Knock You Out”, because Log4Shell isn’t making a comeback, it never left.

LL Cool J

The vulnerability tracked as CVE-2021-44228 and referred to as “Log4Shell,” affects Java-based applications that use Log4j 2 versions 2.0 through 2.14.1. In addition, any products that bundle Log4j 2 are affected. It is remotely exploitable without authentication and over a network without a username and password. The exploitation of this vulnerability can lead to data exfiltration and ransomware.

More than a year after the discovery of a critical security flaw in a widely used software component, 72 percent of organizations remain vulnerable to attack, according to cybersecurity firm Tenable.

Worryingly, a large number of organizations that had initially fixed the bug have since reintroduced it to their systems by installing vulnerable software, says Bernard Montel, technical director, and security strategist at Tenable.

According to Tenable, the number of machines vulnerable to the exploit has decreased from 10% in December to 2.5% as of October. However, up to a third of these machines had already been patched and have since been reinfected with Log4Shell.

There is a problem with Log4Shell that it is often not clear whether it is included in a particular tool, or even when it is, most developers are not sufficiently security-minded to check whether it is up-to-date or not, particularly given the pressure they are under to produce code quickly.

Vulnerability remediation is an important process that should be ongoing. Organizations should continually assess their environments for Log4Shell and other known vulnerabilities. Eradicating Log4Shell is an ongoing battle that calls for organizations to continually assess their environments for the flaw, as well as other known vulnerabilities.

CyberMaxx recommends that customers review the Apache and Microsoft security advisories below and implement the appropriate security updates to remediate the vulnerability. All systems, including those that, are not customer-facing, are potentially vulnerable to this exploit. Therefore, it’s also recommend upgrading backend systems and microservices. Microsoft recommends updating Log4Shell to 2.15.0. CyberMaxx also recommends limiting outbound connections from servers to help mitigate this attack.

References: