Dive Brief:
- The Apache Log4j vulnerability has likely impacted hundreds of millions of devices and can be exploited by a wide range of threat actors, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), and other agency officials told state and local officials and critical infrastructure providers.
- The Log4j vulnerability is among the most serious cybersecurity risks since WannaCry, security analysts and industry researchers said. The vulnerability has serious implications for enterprise security and threat actors are actively launching botnet and cryptomining attacks. Ransomware attacks are expected to follow, industry researchers said.
- Mandiant, an incident response specialist, is already seeing Chinese government threat actors use the Log4j vulnerability, Charles Carmakal, SVP and CTO, said through a Mandiant spokesperson via email. Mandiant officials did not provide details of the attack or any other evidence; however, they did confirm that federal officials are aware of the alleged activity.
Dive Insight:
The Log4j vulnerability is extremely widespread and could potentially impact everything from applications and embedded systems to complex enterprise applications and their subcomponents, according to Jonathan Care, Gartner senior research director. As a sign of how far the impact has reached, there are concerns that the vulnerability may potentially impact the Ingenuity helicopter currently exploring the planet Mars, he said.
Check Point Software is reporting more than 800,000 attack attempts in the 72 hours after initial reports of the vulnerability went public on Friday, Dec. 9. The figures are based on sensor data collected by Check Point.
The frequency of attacks has jumped exponentially since the initial attacks, which measured about 40,000 on Saturday, Dec. 11, Check Point found.
Cybersecurity and software development leaders need to make "identification and remediation of this vulnerability an absolute and immediate priority," Care said via email. Exposure to Log4j is extremely likely, and even if a system doesn't use Java, organizations should anticipate that key supplier systems, like SaaS vendors, cloud hosting providers or web server providers, do use Java.
"Log4j is a library that is built into the logging functionality of a very large portion of the internet," said Nicholas Luedtke, principal analyst at Mandiant. "It is embedded/used by a ton of software that runs websites, clouds, security services, games, etc."
Since logs are important for security, debugging and audit trails, Luedtke said, it is important that some user-controlled data goes into log files.
"Enterprise clients are scrambling to address this vulnerability," said Allie Mellen, analyst, security and risk at Forrester. "They are looking for the most up-to-date information on how to patch this vulnerability on their own systems, which of their vendors are affected and what is the timeline from these vendors for patching."
CISA officials urged companies to take three urgent steps:
- Enumerate external-facing devices that have Log4j.
- Ensure security operations centers are actioning alerts on these devices.
- Install a web application firewall using rules that automatically update so SOC teams don't have to focus on constant alerts.
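The first of those steps, working out which systems actually carry Log4j, is where most teams start. As an added example (not CISA's guidance or any vendor's tooling), the Python script below walks a directory tree, opens JAR, WAR and EAR archives including JARs nested inside a WAR, reads the Log4j Core version from its Maven-standard pom.properties entry, and flags anything below an assumed fixed-version threshold of 2.15.0 (the first fix release Apache published for CVE-2021-44228; adjust the threshold as the Apache advisory updates). The directory it scans is a constructed fixture built in a temp folder.

```python
import io
import os
import re
import tempfile
import zipfile

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)  # assumed threshold: first Log4j 2 release fixing CVE-2021-44228
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def scan_archive(zf, label, findings):
    # Record log4j-core if this archive ships it, then recurse into nested
    # archives (a WAR carrying WEB-INF/lib/log4j-core-*.jar is the common case).
    names = zf.namelist()
    if POM in names:
        m = re.search(r"^version=(.+)$", zf.read(POM).decode("utf-8", "replace"), re.M)
        version = m.group(1).strip() if m else "unknown"
        parsed = tuple(int(p) for p in re.findall(r"\d+", version)[:3])  # "2.14.1" -> (2,14,1)
        findings.append({"path": label, "version": version, "vulnerable": parsed < FIXED})
    for name in names:
        if name.lower().endswith(ARCHIVES):
            with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                scan_archive(inner, label + "!" + name, findings)

def scan_tree(root):
    # Walk root and return one record per log4j-core found, nested copies included.
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            if fn.lower().endswith(ARCHIVES) and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    scan_archive(zf, path, findings)
    return findings

def build_sample_tree():
    # Constructed fixture, not a real deployment: a WAR bundling log4j-core 2.14.1
    # under WEB-INF/lib, plus a loose log4j-core 2.15.0 jar beside it.
    root = tempfile.mkdtemp()
    def jar(version):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(POM, "version=%s\n" % version)
        return buf.getvalue()
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", jar("2.14.1"))
    with open(os.path.join(root, "log4j-core-2.15.0.jar"), "wb") as f:
        f.write(jar("2.15.0"))
    return root
```

Run `scan_tree` against a real application directory to get the inventory; the nested-archive recursion is what catches copies bundled inside deployed WARs that a plain filename search misses.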
CISA will also be updating a webpage with guidance on the vulnerability.
Amid the widespread response, vendors are actively investigating their applications for potential impact from the Log4j vulnerability.
"As with many software companies across the industry, VMware is working diligently on publishing fixes and workarounds for the Apache Log4j vulnerability, CVE-2021-44228," according to a statement from the company. "A VMware Security Advisory has been published, and customers should continue to visit the advisory for updates on impacted products, fixes and workarounds."
Cisco, too, is investigating which of its products may be affected by the Log4j vulnerability, a spokesman said via email. "Cisco is committed to transparency. When security issues arise, we handle them openly and as a matter of top priority, so our customers understand the issue and how to address it."
Cisco published a security advisory with regular updates and is also updating a security response page.
Microsoft is also analyzing its applications for impact from the Log4j vulnerability.