Cybereason Warns Of Log4Shell Exploits Over Holidays

Cybereason Government Inc. cautioned organisations to be vigilant over the Christmas and New Year’s holidays in the face of an anticipated surge in cyber attacks. The risk is exacerbated by active exploits targeting the recently disclosed Log4Shell vulnerabilities impacting the widely used Log4j logging software.

In a recent Cybereason report, titled Organisations at Risk: Ransomware Attackers Don’t Take Holidays, 60 per cent of respondents said that it took longer to assess the scope of cyber attacks that occurred over weekends and holiday periods. The cyber risk this holiday season is compounded by reports of a growing number of attacks exploiting Log4Shell vulnerabilities that impact nearly a third of all web servers and numerous software applications and services.

Cybereason researchers developed a freely available vaccine called Logout4Shell that leverages the Log4Shell exploit to neutralise the Log4j vulnerabilities. Cybereason also recently briefed officials from CISA and the FBI regarding the risk from ransomware attacks over the holiday period, given that most organisations maintain only skeleton crews on weekends and holidays, which increases the likelihood that an attack will be successful.

Cybereason recommendations for reducing cyber-attack risks during holiday periods include:

  • Upgrading to the latest patched version of Log4j as soon as possible, or leveraging the Cybereason Logout4Shell vaccine to protect vulnerable servers while assessing the steps required to implement the patch.
  • Evaluating the lock-down of critical accounts for the weekend/holiday when possible. The highest privilege accounts, in many cases, are rarely required to be in use during the weekend or holiday breaks.
  • Ensuring clear isolation practices are in place to stop further ingress on the network or the spread of malware or ransomware to other devices. Teams should be proficient at disconnecting a host, locking down a compromised account, blocking a malicious domain, etc. Testing these procedures with scheduled or unscheduled drills at least every quarter is recommended to make sure all personnel and procedures work as expected.
  • Ensuring key security team members can be reached at any time, public and private, as critical response actions can be delayed during weekend/holiday periods. Having clear on-call duty assignments for off-hours security incidents is crucial here.

Cybereason is dedicated to teaming with defenders in both the public and private sectors to end cyber attacks from endpoints to the enterprise to everywhere. Learn more about the Cybereason Government advantage or schedule a demo today to learn how your organisation can benefit from an operation-centric approach to security.