Channel Futures

MSSP Insider


Log4j Vulnerabilities Threaten All Industries, Verticals Globally

  • Written by Edward Gately
  • January 5, 2022
Exploitation attempts and testing remained high during the last weeks of December.

Log4j vulnerabilities continue to pose a complex and high-risk situation for companies globally, according to Microsoft.

The Microsoft 365 Defender Threat Intelligence Team has updated its guidance for preventing, detecting and hunting for exploitation of log4j vulnerabilities.

Last month, researchers discovered a zero-day exploit in log4j, the popular Java logging library. It results in remote code execution (RCE) by logging a certain string. Since then, additional vectors have been discovered.

Exploitation attempts and testing remained high during the last weeks of December, the Microsoft team said.

“We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,” it said.

Organizations may not realize attackers have already compromised their environments. Customers should do additional device reviews where vulnerable installations are discovered.

At this point, customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments.

FTC Issues Warning

In addition, the Federal Trade Commission (FTC) has issued a warning to U.S. companies saying it will go after any company that fails to protect its customers’ data against ongoing log4j attacks.

The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of log4j vulnerabilities, or similar known vulnerabilities in the future.

“It is critical that companies and their vendors relying on log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action,” it said.

The McAfee Enterprise and FireEye Advanced Threat Research team said with the full scale of the log4j vulnerabilities’ impact still unknown, opportunities for threat actors are endless.

Log4Shell Spares No One

Steve Povolny is head of advanced threat research and principal engineer at McAfee Enterprise.

“Log4Shell has truly redefined what we think of as an attack surface, sparing neither Fortune 50 companies nor mom-and-pop shops around the world,” he said. “As log4j is one of, if not the most popular logging applications used by developers, the reach of the vulnerability simply can’t be overstated. Organizations in every industry vertical have been affected, from financial to medical, telecom to aerospace, industrial controls to consumer devices, and many more critical industries have been subjected to attacks on this simple-to-exploit flaw.”

The good news is this vulnerability gained global attention and discussion within hours of public acknowledgement, Povolny said. It has received more attention and awareness than “any bug I’ve seen in at least the last five years.”

“The focus has been on patching, which is of course highly relevant, and should be table stakes,” he said. “What’s being discussed less is the forensics exercises and remediation that may be going on with now-patched systems for months to come. Organizations need to understand that even if they have secured their infrastructure from exploitation against the log4shell vulnerability, it is highly possible and perhaps likely that many of these components were silently breached, and effectively hidden.”

The only way to remediate this is via extensive monitoring, assessment, scanning and forensics, Povolny said.

“The scope of this effort can be massive and will probably play out for months or years to come,” he said.

Slow Response ‘Unacceptable’

Many large organizations deployed patches rapidly, Povolny said. However, others reacted more slowly.

“This is truly unacceptable,” he said. “While we can’t plan on the timing of critical vulnerabilities like this, there is a regular cadence of these industry-changing bugs on at least an annual basis. Organizations of all types and sizes must leverage this opportunity to plan better for the next major flaw, so they can react within hours instead of days or weeks.”

Ray Kelly is fellow at NTT Application Security.

“The importance of detection cannot be overstated as it is not always obvious which software is utilizing a vulnerable version of the log4j library,” he said. “Microsoft has laid out several methods for detecting active exploit attempts utilizing log4j; however, identifying the vulnerable version before an attack would be ideal. This will be a continuing battle for both consumers and vendors going forward into 2022 in what will need to be a two-pronged approach. Security vendors have been quick on the response for consumers by adding log4j rules that enable dynamic application security testing (DAST) scanners to detect if a website can be exploited with a malicious log4j web request against a company’s web server. At the same time, vendors must ensure that they are not shipping software with the vulnerable version using tools such as software composition analysis (SCA).”

‘Extremely Long Tail’

Jake Williams is co-founder and CTO at BreachQuest.

“As Microsoft notes, this vulnerability will have an extremely long tail for exploitation considering that many organizations do not even realize they are running vulnerable software,” he said. “Unfortunately, and nobody wants to hear this, there’s nothing left to say about remediating log4j that hasn’t already been said hundreds of times. Any organization asking today what they need to do regarding log4j almost certainly has an incident on their hands. Being exploited through an internet-facing system running vulnerable log4j at this point is a leadership failure, not a technical one.”
