How the Log4Shell vulnerability has impacted cybersecurity
Image: Valtix

Log4Shell was a cybersecurity wake up call across every industry, according to new research from cloud security provider Valtix. The report found that 77% of the 200 respondents are still dealing with patching. Also, the vulnerability has negatively impacted the ability of IT teams to address business needs.

The survey found that tech leaders are prioritizing new tools, process changes and additional budget to address the weakness.

SEE: Log4Shell: Still out there, still dangerous, and how to protect your systems

In March 2022, Valtix worked with an independent research firm to survey 200 cloud security leaders to understand how the vulnerability has influenced security teams. The study shows how cloud security leaders are changing the way they secure cloud workloads in the aftermath of Log4Shell.

The research found that 78% of IT leaders still lack clear visibility into what’s currently happening in their cloud environment:

  • 82% say visibility into active security threats in the cloud is usually obscured
  • 86% agree it’s more challenging to secure workloads in a public cloud than on-prem
  • Only 53% feel confident that all of their public cloud workloads and APIs are fully secured against attacks from the internet

Additionally, almost all respondents confirmed challenges associated with bringing endpoint security agents and firewall appliances to the cloud from their data centers with:

  • 79% agreeing that agent-based security solutions are difficult to operationalize in the cloud
  • 88% stated that bringing network security appliances to the cloud is challenging to the cloud computing operating model

Vishal Jain, co-founder and CTO at Valtix, said Log4Shell proved that defense in depth is essential even in the cloud because there is no such thing as an invulnerable app.

“Log4Shell exposed many of the cloud providers’ workload security gaps as IT teams scrambled to mitigate and virtual patch while they could test updated software,” Jain said. “They needed more advanced security for remote exploit prevention, visibility into active threats, or ability to prevent data exfiltration.”

Davis McCarthy, a principal security researcher at Valtix, said the research shows they are taking action in 2022 by prioritizing new tools, process changes and budget as it relates to cloud security.

The study authors also found that technical leaders in the energy industry are the most likely to have low confidence in their cybersecurity due to Log4Shell, followed by hospital and travel companies, automotive, government and financial services. Financial services companies were the most likely to have reprioritized cloud security initiatives after the vulnerability surfaced.

Understanding and fixing the Log4Shell vulnerabilities

Here’s how the vulnerability works:

  1. Log4j2 supports a logging feature called Message Lookup Substitution, which enables special strings to be replaced, during the time of logging, by other dynamically generated strings.
  2. One of the lookup methods (JNDI paired with LDAP) fetches a special class from a remote source to deserialize it, which executes some of the class code.
  3. Any part of the logged string can then be controlled by a remote attacker.

In a recent article, TechRepublic contributor Jack Wallen explained how to use the Log4j Detect script to scan Java projects for the vulnerability. This requires a Java project and a user with sudo privileges. This script can be used on Linux, macOS and Windows.