ArchiveOODA OriginalSecurity and Resiliency

CISA and Coast Guard Cyber Command Warn of Ongoing Log4Shell Attacks

Background

In March 2021,  OODA CTO Bob Gourley had an OODAcast conversation with Ellen McCarthy.  Ellen’s career began at the office of Naval Intelligence. She then moved to Norfolk and the Atlantic Intelligence Center and would later lead all intelligence activities for the US Coast Guard as their director of intelligence.  McCarthy then joined DoD’s office of the undersecretary of defense for intelligence working strategy and human capital management. Later she led the nonprofit public-private partnership INSA (the intelligence and national security alliance), helping make that organization what it is today.  She returned to government service as the Chief Operating Officer of the National Geospatial-Intelligence Agency (NGA), then later led the firm Noblis as its president. Ellen was then appointed the Assistant Secretary of State for Intelligence and Research (INR), where she led an organization famed for the highest quality of analysis in the US IC.

In the conversation, Bob and Ellen spoke highly of her time with the Coast Guard, including the agency’s formal entry into the intel community and the sophistication of the United States Coast Guard Cyber Command (CGCYBER).

With the context provided by this OODAcast conversation, we return to the joint Cybersecurity Advisory (CSA) released in late June by the Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) “to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches or workarounds.”

This CISA/CGCYBER collaboration caught our eye and we analyze how it compares to previous joint CSAs and is differentiated by CGCYBER’s unique brand of intelligence. This joint CSA also provided a context for an OODA Loop update on the ongoing Log4Shell threat of attacks and further evidence of the success of the CISA JCDC (as VMware and Secureworks are direct contributors to this joint CSA).

To continue reading please consider joining as either a subscriber or full member to support our continued research and analysis. For more on benefits of membership see below.

Want more insight? Log in for the full report

Already a member?  Sign in to your account.

Become A Member

OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.

Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

Daniel Pereira

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.