Threat actor scans for vulnerable installations of the Log4J-2 utility are currently the most imminent risk to information technology environments: large security vendors report high volumes of scans by actors of all types searching for these installations. In its latest newsletter, Check Point Software said it had logged 2.8 million scan attempts against the networks it defends — with more than 46% of those attempts made by malicious groups known to the company’s researchers. The main figures reported by the company are as follows:
- Worldwide, 47% of corporate networks have already been scanned
- In Brazil, 59% have been scanned
- The most scanned country is Nepal, with 72%, followed by Slovenia, with 67%
- The most scanned sector is IT, with 59.5%
- The least scanned sector is retail and wholesale, with 32.3%
- The five most targeted sectors: IT, education, telecom, finance and government
- The most scanned region is Oceania, with 51.7% of networks already scanned
- The least scanned region is Asia, with 43.6%
- Latin America has a 48.1% scan rate
Several organizations have published resources for detecting vulnerable Log4J-2 installations. Two of them, Trend Micro and Huntress, have each developed a vulnerability test, available at the addresses below:
- https://log4j-tester.trendmicro.com
- https://log4shell.huntress.com
Some organizations have compiled lists of applications (organized by vendor) that use Log4J-2. The two most relevant are maintained by CISA (the US government's cybersecurity agency) and the Netherlands' National Cyber Security Centre (NCSC-NL). The lists are at the addresses below:
- https://github.com/cisagov/log4j-affected-db
- https://github.com/NCSC-NL/log4shell/tree/main/software
With regard to risk in critical infrastructure, Chris Grove, senior security analyst at Nozomi Networks, notes that the current moment combines two characteristics that help attackers: the holiday season and the recent increase in the volume of attacks on these targets. He also highlights the importance of CISA alerts: according to him, the agency has a high degree of visibility into risks, and its warnings should be taken seriously even when they seem simple. “And while it’s important to be more vigilant during the holiday season, anyone who operates critical infrastructure must wait for an attack to happen and always be ready to resolve it quickly,” he says.
Source: CisoAdvisor