ArchiveOODA Original

Log4Shell Update from CISA Director Easterly and DHS CISA JCDC Company Updates

Many OODA Loop members have had their nose to the grindstone right through the holiday season attending to the potential impacts of Log4j vulnerability and Log4Shell exploits within their organization.  Following is a ‘big picture’ update of CISA press releases, global incidents, and impacts for your review when you come up for air  – and need to assess more of the strategic challenge ahead with the vulnerability and the potential for executables within your systems.

Summary

CISA Director Easterly and Eric Goldstein (CISA’s executive assistant director for cybersecurity) Hold Virtual Press Conference

From our friends over at The Record:  “Top officials at the US Cybersecurity and Infrastructure Security Agency on Monday said the Log4Shell vulnerability has mostly resulted in crypto-mining and other minor incidents at federal agencies, but warned that threat actors may soon start actively exploiting the vulnerability to disrupt critical infrastructure and other assets.”

“We’ve been actively monitoring for threat actors looking to exploit [Log4Shell],” said CISA director Jen Easterly at a press briefing Monday morning. “Over the past several weeks we have seen widespread exploitation of Log4Shell by criminal actors who use it to install crypto-mining software on victim computers or to capture victim computers for use in botnets.  At this time we have not seen the use of Log4Shell resulting in significant intrusions.  This may be the case because sophisticated adversaries have already used this vulnerability to exploit targets and are just waiting to leverage their access until network defenders are on lower alert.”

Echoing Easterly’s comments, Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity, offered the following in the virtual press conference:  “We are not seeing confirmed compromises of federal agencies, including critical infrastructure.  We’re seeing widespread scanning by malicious actors, we’re seeing some prevalence of what we would call low-level activities like installation of crypto mining malware, but we’re not seeing destructive attacks or attacks attributed to advanced persistent threats.” (2)

CISA estimates that hundreds of millions of devices have the vulnerability.   Mirroring OODA CEO Matt Devost’s assessment of the long-term impact of the Log4j vulnerability, Goldstein added that the issues are widespread and would require a “long tail remediation.”

CISA Vendor Recommendations

In order for vulnerabilities to be remediated in products and services that use affected versions of Log4j, the maintainers of those products and services must implement these security updates. Users of such products and services should refer to the vendors of these products/services for security updates. Given the severity of the vulnerabilities and the likelihood of an increase in exploitation by sophisticated cyber threat actors, CISA urges vendors and users to take the following actions.

  • Vendors
    • Immediately identify, mitigate, and update affected products using Log4j to the latest version.
    • Inform your end-users of products that contain these vulnerabilities and strongly urge them to prioritize software updates.
  • Affected Organizations

Mitigation Guidance from JCDC Partners

Further Resources

Log4Shell Incidents and Mitigation Activities To-date: Governmental Agencies (Global)

OODA Loop – 2021 Year-End Review: Cybersecurity

Log4Shell Exploit Used in Cox Media Group Ransomware Attack Attributed to Iranian Hackers

CISA Apache Log4j Vulnerability Guidance Webpage Up and Running with Mitigation Guidance from JCDC Partners

Related Reading:

Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking

The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real-world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking

 

Daniel Pereira

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.