Details of the Apache Log4Shell vulnerability affecting server systems have recently taken a prominent place on the cyber security agenda. In brief, the vulnerability causes servers to place too much trust in unverified data arriving from outside, which allows specially crafted malicious code to be delivered to them.
To support the news coverage you will be preparing on the subject, we share below the views of Sophos Senior Threat Researcher Sean Gallagher.
“Excluding crypto mining, there is a calm before the storm in terms of malicious activity with the potential to exploit the Log4Shell vulnerability. We think that cyber attackers will take advantage of all the opportunities this vulnerability brings in the coming days, especially for financial gain.
In terms of defense, your most urgent priority should be to patch your server infrastructure from the ground up to reduce your risk of being attacked, and to investigate exposed and potentially compromised systems. The vulnerability could be anywhere.
In cases where systems become vulnerable, an incident response process should be carried out immediately, and the symptoms of Trojan horses with remote access, such as C2 callbacks, should be monitored. Secrets stored in open systems, especially those that are exposed in environment variables, should be transformed immediately. Finally, you should also consider your critical suppliers that may be at risk.”
Sean Gallagher, Sophos Senior Threat Researcher
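The advice above to patch the server infrastructure and to investigate exposed systems starts with knowing where Log4j actually lives. The following script is an added example, not code from Sophos or from the Apache Log4j project: it walks a directory tree, finds every `log4j-core-*.jar`, reads the version from the file name, and checks whether the `JndiLookup` class (the component Apache's own mitigation guidance removes when an upgrade is not possible) is still inside the archive. It assumes the Java 8 fixed release, 2.17.1, as the threshold; deployments on the older Java 6/7 branches have their own fixed releases and are reported here as needing review rather than being classified as safe. The sample jars it builds in a temporary directory are constructed stubs, not real Log4j binaries.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Class whose presence enables the JNDI lookup that Log4Shell abuses. Apache's
# documented mitigation for releases that cannot be upgraded is to delete it.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

# Assumption: Java 8 line. Older Java branches (2.12.x, 2.3.x) have their own
# fixed releases and will show up as "vulnerable"/"mitigated" for manual review.
MIN_FIXED = (2, 17, 1)

JAR_NAME = re.compile(r"^log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$")


def parse_version(filename):
    """Extract (major, minor, patch) from a log4j-core jar name, or None."""
    m = JAR_NAME.match(filename)
    return tuple(int(x) for x in m.groups()) if m else None


def assess_jar(path):
    """Classify one log4j-core jar by version and by presence of JndiLookup."""
    version = parse_version(path.name)
    with zipfile.ZipFile(path) as zf:
        has_jndi = JNDI_LOOKUP_CLASS in zf.namelist()
    if version is None:
        status = "unknown-version"
    elif version >= MIN_FIXED:
        status = "fixed"          # lookup class may remain; JNDI is off by default
    elif not has_jndi:
        status = "mitigated"      # old release, but lookup class has been removed
    else:
        status = "vulnerable"     # old release with the lookup class still present
    return {
        "path": str(path),
        "version": version,
        "jndi_lookup_present": has_jndi,
        "status": status,
    }


def scan_tree(root):
    """Walk root recursively and assess every log4j-core jar found."""
    results = [assess_jar(p) for p in Path(root).rglob("log4j-core-*.jar")]
    return sorted(results, key=lambda r: r["path"])


def make_sample_tree(root):
    """Constructed fixture: three stub jars imitating real deployments (not real Log4j)."""
    root = Path(root)
    fixtures = {
        "app1/lib/log4j-core-2.14.1.jar": True,   # unpatched, class present
        "app2/lib/log4j-core-2.16.0.jar": False,  # older release, class stripped
        "app3/lib/log4j-core-2.17.1.jar": True,   # fixed release, class still shipped
    }
    for rel, include_class in fixtures.items():
        jar = root / rel
        jar.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(jar, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            if include_class:
                zf.writestr(JNDI_LOOKUP_CLASS, b"stub")
    return root


def run_demo():
    """Build the constructed tree in a temp dir and return the scan results."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for r in run_demo():
        print(f"{r['status']:<12} {r['path']}")
```

Point `scan_tree()` at an application's deployment root (or a mounted image) to get a per-jar status; anything reported as `vulnerable` is a patching priority, `mitigated` jars still deserve an upgrade, and `unknown-version` entries (renamed or shaded jars) need a manual look. Jars nested inside WAR or EAR archives are not unpacked by this example.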