Log4Shell: You Can't Protect What You Don't Know About

Written by Cleber Souza | Jan 28, 2022 6:20:37 PM

Like many other threats in the past, the Log4Shell vulnerability came out of nowhere to become a top concern for companies around the globe. Within the first 72 hours of the discovery, over 840,000 cyberattacks were reported that used the Log4Shell vulnerability, which allows bad actors to exploit systems and extract data or execute malicious code.

Like most IT professionals out there, you probably wondered, “Am I going to be impacted? Are we ready to defend our systems against this threat?”

Were You Ready?

Considering how ubiquitous Log4j is, and how trivial the Log4Shell vulnerability is to exploit, companies needed to be able to respond quickly and identify their exposed hosts in a matter of hours, not weeks.

So how ready were you really? If your company was like most, you threw resources at monitoring and performing patchwork prevention while waiting for your vendor’s responses to the threat, which would eventually come in the form of hotfixes. Meanwhile, you were likely still left in the dark as to how many of your hosts were exposed.

Log4Shell – Fukushima or Tip of the Iceberg?

Our RSP Team recently wrote a blog post that goes into more detail on the Log4Shell vulnerability, which you can read here.

Are You Ready Now?

The consensus is that these kinds of attacks are just the beginning. The severity of this vulnerability brought the digital and security communities together, which helped keep it from becoming a big catastrophe. However, we expect to see more, severe attacks ahead. Some of the initial attack scans did nothing but secure access to a vulnerable target without deploying any malware. This is intentional: the breach remains undetected until the bad actor is ready to deploy its malware or sell that information to the highest bidder.

We need to respond now and shift the way we look at vulnerabilities. These are no longer just the security teams’ concerns – they involve engaging developers, service desk, operations, and IT management.

Team Service Desk

As Service Desk teams, we can help by having an up-to-date asset list that identifies all assets running in our environments. You can’t protect what you don’t know. Completing a proper Discovery and Asset management scan can go a long way in closing gaps in your understanding and mobilizing your security efforts.

BMC Helix Discovery uses TPL, or patterns, to discover information in your infrastructure. It scans your network and asks each host it finds a set of questions, returning information on all software and components installed on each one. BMC Discovery’s agentless architecture means no host will be left behind.

Having these asset maps ready is an invaluable measure. You can learn more about Asset Discovery here.

In response to a vulnerability like Log4Shell, Asset Discovery allows organizations to move quickly and identify hosts that were exposed to a threat:

  • It took BMC Software less than 4 days to release an updated pattern file to help users identify hosts that were exposed to the threat.
  • Online was able to leverage Asset Discovery to provide a number of our clients with timely information to help them make critical decisions in even less time.

You Need to Move...Now

The time to act is now. You don’t want to fall victim to the Log4j vulnerability now or ever. This threat will be replaced with another one, and then one more. Let us help you so you never have to wonder if you are ready again.

  • If you need immediate help, Online can scan your environment in as little as 3 days, and provide you with a report of all the hosts and equipment. You can use this report to patch your systems and close any back doors. We are here to help.
  • If you want to learn more about Log4Shell, better understand your tactical response activities, and improve your response position, check out our recent Log4Shell webcast: Log4Shell is the Latest Exploit, Not the Last.