Log4j Vulnerability Is Only Going to Get Worse: Venafi’s Yana Blachman Weighs In

December 16, 2021 | Brooke Crothers

With the Apache Log4j vulnerability seeing widespread exploitation, Venafi’s Yana Blachman says the situation could deteriorate rapidly to more destructive attacks from more sophisticated groups backed by nation-state actors and ransomware gangs. “Patching should be the concern of everyone asap,” says Blachman.

What is the Log4j vulnerability and why all of the dire warnings?

As major threat actors ratchet up attacks, Yana Blachman, Threat Intelligence researcher at Venafi, explains why the Log4j vulnerability is so serious.

CISA has characterized the vulnerability as “one of the most serious…if not the most serious.” In response, CISA and its partners are tracking and responding to active, widespread exploitation of the vulnerability and CISA now has an Apache Log4j Vulnerability Guidance webpage.

“Log4Shell is a 0-day RCE vulnerability (CVE-2021-44228) in Log4j, a popular Java library for logging in Java applications, that allows a remote attacker to execute arbitrary code by sending a crafted log,” Yana Blachman, Threat Intelligence researcher at Venafi, said.

“The combination of this library being practically everywhere and the vulnerability being trivial to exploit with many exploits and PoCs [proof of concept] available online—makes it extremely dangerous and highly effective for every type of cybercriminal activity,” according to Blachman.

Blachman goes on to say that the widespread exploitation of the vulnerability means every corporate network is at risk.

“Since it was disclosed on Thursday, and some report even earlier than that, the vulnerability is [being] massively exploited in the wild by cryptomining and DDoS crime groups, such as Mirai, Muhstik, and Kinsing,” Blachman said.

“This can change very fast to more destructive attacks from more sophisticated and dangerous groups and leveraged by nation-state actors and ransomware gangs, [putting] every corporate network at risk. This is very alarming and patching should be the concern of everyone asap,” according to Blachman.

What criminal groups are involved and what action to take

The Microsoft Threat Intelligence Center (MSTIC) has observed the vulnerability being used by nation-state activity groups originating from China, Iran, North Korea, and Turkey.

“This activity ranges from experimentation during development, integration of the vulnerability to in-the-wild payload deployment, and exploitation against targets to achieve the actor’s objectives,” according to Microsoft.

Access brokers then sell access to the compromised networks to ransomware-as-a-service affiliates.

“This type of service might be extended and sold to other groups and ‘customers’ such as nation state actors leveraged for cyberespionage and IP theft purposes, similarly to other cases we’ve seen in the past,” Blachman said.

Blachman continued: “This type of initial access can then be leveraged by whoever it is sold to for credential access, using dedicated malware modules for stealing credentials and machine identities from infected Unix and Windows machines to then perform lateral movement within the targeted network for further exploitation, downloading malware or ransomware.”

We recommend that companies use the Log4Shell scanner [log4shell.huntress.com] to assess if they are vulnerable and patch it asap before becoming a victim, Blachman said.
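The advice above is to find out whether you are exposed and patch. The Huntress scanner tests whether a running application will perform the lookup; the complementary check is an inventory of the log4j-core jars actually deployed, including ones buried inside war, ear and fat jars, which is where most surprises turn up. The following script is an added example written for this article, not Venafi's code and not the Huntress scanner. It assumes a log4j-core jar records its version in Maven's pom.properties or the manifest's Implementation-Version header, that the lookup class lives at org/apache/logging/log4j/core/lookup/JndiLookup.class, and that 2.15.0 is the first release addressing CVE-2021-44228 (later releases addressed follow-on issues, so raise FIXED_VERSION to whatever your patch policy requires). The three sample jars it builds in a temporary directory are constructed stand-ins, not real artifacts.

```python
"""Inventory log4j-core jars under a directory and classify each against CVE-2021-44228.

Added example for this article (not Venafi's or Huntress's code). Assumptions:
version comes from pom.properties or the manifest, JndiLookup.class sits at the
path below, and 2.15.0 is the first fixed release for this CVE.
"""
import io
import os
import re
import tempfile
import zipfile

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_PREFIX = "org/apache/logging/log4j/core/"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_VERSION = (2, 15, 0)  # assumed threshold: first release addressing CVE-2021-44228


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); unparseable -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None


def jar_version(zf):
    """Version string from Maven pom.properties, falling back to the manifest (assumed layout)."""
    names = set(zf.namelist())
    if POM_PROPERTIES in names:
        for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    if "META-INF/MANIFEST.MF" in names:
        for line in zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace").splitlines():
            if line.lower().startswith("implementation-version:"):
                return line.split(":", 1)[1].strip()
    return None


def classify(version, has_jndi_lookup):
    """Verdict for one log4j-core jar from its version tuple and JndiLookup presence."""
    if version is not None and version >= FIXED_VERSION:
        return "patched"
    if not has_jndi_lookup:
        return "mitigated"  # class removed from an old build, the workaround Apache published
    return "vulnerable" if version is not None else "review"  # unknown version: inspect by hand


def inspect_archive(zf, label, findings):
    """Record a verdict if this archive is log4j-core, then recurse into jars it embeds."""
    names = set(zf.namelist())
    if any(n.startswith(CORE_PREFIX) for n in names):
        version = parse_version(jar_version(zf))
        findings.append({"path": label, "version": version,
                         "verdict": classify(version, JNDI_LOOKUP_CLASS in names)})
    for name in names:
        if name.endswith(".jar"):  # war/ear/fat jars carry log4j-core one level down
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            inspect_archive(inner, f"{label}!{name}", findings)


def scan_tree(root):
    """Walk a directory and return one finding per log4j-core jar, nested ones included."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(files):
            if fn.endswith((".jar", ".war", ".ear")):
                path = os.path.join(dirpath, fn)
                try:
                    with zipfile.ZipFile(path) as zf:
                        inspect_archive(zf, path, findings)
                except zipfile.BadZipFile:
                    continue
    return findings


def fake_jar(version, with_jndi):
    """Constructed stand-in for a log4j-core jar: a manifest plus empty class entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        zf.writestr(CORE_PREFIX + "LogEvent.class", b"")
        if with_jndi:
            zf.writestr(JNDI_LOOKUP_CLASS, b"")
    return buf.getvalue()


def build_sample_tree(root):
    """Constructed fixtures: a vulnerable jar, a class-stripped jar, a patched jar inside a war."""
    lib = os.path.join(root, "lib")
    os.makedirs(lib, exist_ok=True)
    with open(os.path.join(lib, "log4j-core-2.14.1.jar"), "wb") as f:
        f.write(fake_jar("2.14.1", with_jndi=True))
    with open(os.path.join(lib, "log4j-core-2.14.1-stripped.jar"), "wb") as f:
        f.write(fake_jar("2.14.1", with_jndi=False))
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.15.0.jar", fake_jar("2.15.0", with_jndi=True))
    with open(os.path.join(root, "app.war"), "wb") as f:
        f.write(war.getvalue())


def demo():
    """Build the constructed tree in a temp dir and return {jar basename: verdict}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return {os.path.basename(f["path"]): f["verdict"] for f in scan_tree(tmp)}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:<11} {name}")
```

Point `scan_tree` at an application's install directory or a container filesystem to get a per-jar verdict; anything reported as "review" has log4j-core classes but no recoverable version and should be opened by hand. The "mitigated" verdict only says the lookup class is gone from an old build; it is a stopgap until the jar is upgraded, which remains the fix the article calls for.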
