Register now for better personalized quote!

CISA director: 'We have not seen significant intrusions' from Log4j -- yet

Jan, 10, 2022 Hi-network.com

Officials with the US Cybersecurity and Infrastructure Security Agency (CISA) said on Monday that they have not seen the exploitation of Log4Shell result in significant intrusions since the vulnerability came to light in December.

CISA director Jen Easterly and executive assistant director for cybersecurity Eric Goldstein fielded questions from reporters during a briefing on Monday, telling attendees that outside of an attack on the Belgian Defense Ministry, they have not seen any damaging incidents that resulted directly from the exploitation of the Log4j vulnerability. 

more Log4j

  • Log4j zero-day: How to protect yourself
  • Apache releases new 2.17.0 patch
  • Security firm discovers new attack vector
  • 10 questions you need to be asking
  • Governments release Log4j advisory
  • So far, nearly half of corporate networks have been attacked
  • US: Hundreds of millions of devices at risk

"At this time, we have not seen the use of Log4Shell resulting in significant intrusions. This may be the case because sophisticated adversaries have already used this vulnerability to exploit targets and are just waiting to leverage their new access until network defenders are on a lower alert. Everybody remembers the Equifax breach that was revealed in September of 2017 was a result of an open-source software vulnerability discovered in March of that year," Easterly said. 

"It may also be due in part to the urgent actions taken by defenders and many organizations to rapidly mitigate the most easily exploitable devices, such as those accessible directly from the internet," Easterly added. "We do expect Log4Shell to be used in intrusions well into the future." 

Easterly added that they could not confirm multiple reports from cybersecurity companies that ransomware groups were leveraging the Log4j vulnerabilities for attacks. 

Goldstein noted that even though they have not seen any significant attacks, there has been widespread scanning and exploitation of Log4Shell by cybercriminals who use it to install cryptomining software on victim computers or to capture victim computers for use in botnets.

He added that CISA has not seen any confirmed compromises related to federal agencies or critical infrastructure organizations. According to Goldstein, CISA is "not seeing destructive attacks or attacks attributed to advanced persistent threats."

Easterly touted the agency's efforts to deal with the Log4j crisis, explaining that their catalog of the more than 2,800 products affected by Log4j got hundreds of thousands of views and their Log4j scanner was downloaded nearly 4,000 times. 

Even though CISA has not seen a confirmed attack resulting from Log4j, cybersecurity companies are reporting millions of attempts to exploit the vulnerability. 

Cybersecurity firm NETSCOUT told ZDNet that the number of Log4j exploits it has blocked is approaching eight digits, and it recently blocked five million in a single day. 

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Hot Tags : Tech Security

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.