The threat posed by the Log4j vulnerability hasn’t gone away over the holidays, with the UK’s National Health Service (NHS) issuing a warning that hackers are actively targeting the security flaw and recommending that organisations within the health service apply the necessary updates in order to protect themselves.
“Affected organisations should review the VMware Horizon section of the VMware security advisory VMSA-2021-0028 and apply the relevant updates or mitigations immediately or subsequently consult the NHS Digital High Severity Cyber Alert CC-3995,” said the advisory.
In early January, the Federal Trade Commission went furtherand also shared an announcement warning that it will go after any US company that fails to protect its customers’ data against ongoing Log4J attacks.
“Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package, Log4j (CVE-2021-44228) was disclosed, posing a severe risk to millions of consumer products to enterprise software and web applications. This vulnerability is being widely exploited by a growing set of attackers,” said the FTC’s official warning.
“The Log4j vulnerability is part of a broader set of structural issues. It is one of thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies. These projects are often created and maintained by volunteers, who don’t always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.[1] This overall dynamic is something the FTC will consider as we work to address the root issues that endanger user security,” it concluded.
In a blog published last week, cybersecurity vendor Armis stated that hackers continued to exploit Log4j over the holidays , noting a significant increase in the number of attacks detected in ICS/OT networks. The most targeted devices were virtual machines, servers and personal computers, though IP cameras, printers, mobile phones, and cameras were also subjected to attack. Dana Tamir, VP of product marketing at Armis said “We expect to see more attacks targeting organizations in 2022. And while organizations are working furiously to patch vulnerable systems, vulnerable systems will continue to exist in our environments, either because they are difficult to patch, or can’t be patched at all. This requires us to keep track of unpatched, vulnerable systems, and ensure other protections are in place to prevent exploitation. In addition, it’s important to detect threats targeting these systems in real-time, to properly respond to this threat.”