Last week, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning notifying organizations that malicious threat actors are continuing to exploit the zero-day Log4Shell vulnerability in VMware Horizon and Unified Access Gateway (UAG) to obtain initial access to target systems without the necessary patches.
In the report, CISA recommends all organizations with affected systems that haven’t deployed patches “assume compromise and initiate threat hunting activities.”
Above all, the notice highlights that enterprises that haven’t patched Log4Shell are still at risk and, at the very least, need to deploy available patches to their systems, if not take steps to remediate an intrusion.
A look at the history of Log4Shell
Alibaba’s cloud security team first discovered and reported the Log4Shell vulnerability to Apache on November 24, 2021.
The researchers initially noticed attackers using an exploit in Apache Log4j 2, an open-source library that logs errors and events within Java applications, to remotely execute malicious code on servers and clients running Minecraft.
While Apache patched the vulnerability on December 9, 2021, Log4Shell had already gained a reputation as a serious zero-day vulnerability that commentators warned would “wreak havoc across the internet for years to come,” with an estimated 3 billion exploitable devices.
As publicity grew over the vulnerability, threat actors began to direct attacks at enterprises across the world, with Microsoft finding an uptick in techniques including mass-scanning, coin mining, establishing remote shells, and red-team activity.
Since then, the exploit has decreased confidence in third-party cloud software to the point where 95% of IT leaders report that Log4Shell was a major wake-up call for cloud security. Additionally, 87% report they feel less confident about their cloud security now than they did prior to the incident.
Many affected software packages are still unpatched
While it’s been months since Log4Shell was first discovered and many …