The Apache Log4j vulnerability sparked panic amongst businesses and organizations of all sizes and across all industries this recent holiday season. The remote code execution, which allows any threat actor to run code on a server, is one of the most dangerous vulnerabilities we’ve seen. CISA Director Jen Easterly even warned that it poses severe risk to organizations.
The Log4Shell vulnerability presents a different kind of challenge for MSPs. Many software vulnerabilities are limited to a specific product or platform, such as the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange. Once defenders know what software is vulnerable, they can check for and patch it. However, Log4Shell is a library that is used by many products. It can therefore be present in the darkest corners of an organization’s infrastructure.
Sophos has seen scans and exploit attempts from a globally distributed infrastructure on a daily basis. MSPs should expect this degree of activity to continue, due to the multi-faceted nature of the vulnerability and the large extend of patching required.
Patching alone isn’t the solution, however. While MSPs have been all hands-on-deck to keep pace and ensure their customers were protected, it’s now important that they continue to proactively monitor customer environments and remove any traces of intruders, even if it just looks like nuisance commodity malware.
They must assume the worst, and act accordingly. That’s because once an attacker has secured access to a network, any infection can follow. Threat actors could still be sitting on attacks that take advantage of the vulnerability, waiting to deploy it when an organization is least expecting.
It’s also important that MSPs revisit cybersecurity basics. Organizations that maintain a strong security posture through a layered approach to defenses will be in a far less vulnerable position when the net Log4j is exposed.
More: To learn more about the Apache Log4j vulnerability, why it works, what it can do, and how to fix it click here.