Lessons Learned from the Apache Log4j Vulnerability

Patching alone isn't the Log4j solution; MSPs must assume the worst and act accordingly.

Sophos Guest Blogger

January 28, 2022

2 Min Read
Getty Images

The Apache Log4j vulnerability recently sounded an alarm for organizations around the globe, and for good reason. CISA Director Jen Easterly even warned of severe risk to organizations regardless of size or industry.

The vulnerability, which allows threat actors to run code on a server, has the potential to cause more harm to a business than any of the cyberattacks we’ve seen over the past year. It also presents a different kind of challenge for partners and their customers.

Many software vulnerabilities are limited to a specific product or platform, such as the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange. Once defenders know what software is vulnerable, they can check for and patch it. However, Log4Shell is a library that is used by many products. It can therefore be present in the darkest corners of an organization’s infrastructure.

Sophos has seen scans and exploit attempts from a globally distributed infrastructure on a daily basis. MSPs should expect this degree of activity to continue, due to the multi-faceted nature of the vulnerability and the large extend of patching required.

Patching alone isn’t the solution, however. While MSPs have been all hands-on-deck to keep pace and ensure their customers are protected, it’s important that they continue to proactively monitor customer environments and remove any traces of intruders, even if it just looks like nuisance commodity malware.

They must assume the worst and act accordingly. That’s because once an attacker has secured access to a network, an infection can follow. Threat actors could still be sitting on attacks that take advantage of the vulnerability, waiting to deploy it when an organization is least expecting.

It’s also important that MSPs revisit cybersecurity basics. Organizations that maintain a strong security posture through a layered approach to defenses will be in a far less vulnerable position when the net Log4j is exposed.

To learn more about the Apache Log4j vulnerability, why it works, what it can do, and how to fix it click here.

Scott Barlow is vice president, global MSP and cloud alliances, at Sophos.


This guest blog is part of a Channel Futures sponsorship.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like