[TheRecord] CISA director: Log4Shell has not resulted in ‘significant’ government intrusions yet

Top officials at the US Cybersecurity and Infrastructure Security Agency on Monday said the Log4Shell vulnerability has mostly resulted in cryptomining and other minor incidents at federal agencies, but warned that threat actors may soon start actively exploiting the vulnerability to disrupt critical infrastructure and other assets.

“We’ve been actively monitoring for threat actors looking to exploit [Log4Shell],” said CISA director Jen Easterly at a press briefing Monday morning, referring to a zero-day vulnerability in a widely-used Java logging framework that was publicly announced one month ago. “Over the past several weeks we have seen widespread exploitation of Log4Shell by criminal actors who use it to install cryptomining software on victim computers or to capture victim computers for use in botnets.”

“At this time we have not seen the use of Log4Shell resulting in significant intrusions,” she added. “This may be the case because sophisticated adversaries have already used this vulnerability to exploit targets and are just waiting to leverage their access until network defenders are on lower alert.”

Such a scenario was seen in 2017, when credit-reporting giant Equifax was compromised in a high-profile breach several months after an exploit was discovered in the open-source Apache Struts web application framework. The company’s failure to patch the bug resulted in the compromise of information related to more than 100 million consumers.

Eric Goldstein, CISA’s executive assistant director for cybersecurity, echoed Easterly’s assessment and said that—despite the widespread nature of the vulnerability and its ease of use—there have not yet been serious incidents related to government computer systems.

“We are not seeing confirmed compromises of federal agencies, including critical infrastructure,” he said. “We’re seeing widespread scanning by malicious actors, we’re seeing some prevalence of what we would call low level activities like installation of cryptomining malware, but we’re not seeing destructive attacks or attacks attributed to advanced persistent threats.”

Goldstein added that there would be a “long tail remediation” because of how widespread the issue is — CISA estimates that hundreds of millions of devices are impacted.

Easterly said CISA is aware of reports of attacks affecting foreign government agencies, including the Belgian Defense Ministry, as well as reports from cybersecurity firms that nation-state adversaries are developing attacks using Log4Shell, but said CISA cannot independently confirm those reports at this time.

The post CISA director: Log4Shell has not resulted in ‘significant’ government intrusions yet appeared first on The Record by Recorded Future.
