Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

CISA Unaware of Any Significant Log4j Breaches in U.S.

CISA Concerned About Risk Posed by Log4Shell to Critical Infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says it’s currently unaware of any significant breaches related to the recently disclosed Log4j vulnerabilities.

CISA Concerned About Risk Posed by Log4Shell to Critical Infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says it’s currently unaware of any significant breaches related to the recently disclosed Log4j vulnerabilities.

In a briefing with reporters on Monday, CISA’s director, Jen Easterly, and Eric Goldstein, executive assistant director for cybersecurity at CISA, said they are not aware of any significant incident, which is likely due to the quick action taken by many organizations.

On the other hand, the CISA officials warned that malicious actors will likely continue to exploit the Log4j vulnerability known as Log4Shell. In addition, threat actors may have already exploited Log4Shell to gain access to the systems of major organizations, but they may be waiting for the right time to further leverage that access to achieve their goals.

Easterly pointed to the massive 2017 Equifax breach, which came to light only months after hackers had exploited a known Apache Struts vulnerability. The Equifax incident was also recently provided as an example by the FTC, which warned earlier this month that companies could face legal action if exploitation of the Log4j flaws leads to a significant data breach.

Log4Shell has impacted millions of systems around the world — thousands of products are affected — and it has been exploited in many attacks by both profit-driven cybercriminals and state-sponsored threat actors. However, CISA told SecurityWeek in late December that it had not been aware of any federal agencies being hit, and that does not seem to have changed.

While no critical infrastructure organizations appear to have been breached in Log4Shell attacks to date, the CISA officials are concerned that the vulnerability could be exploited against critical infrastructure.

Federal agencies have been ordered to patch the vulnerability by December 23 and at least large agencies have met the deadline, CISA said.

Advertisement. Scroll to continue reading.

To date, the Belgian military appears to be the only government organization to have confirmed suffering a breach as a result of Log4Shell exploitation.

There have also been reports of the China-linked cyberespionage group Aquatic Panda was exploiting Log4Shell to compromise a large academic institution.

Related: Log4Shell Tools and Resources for Defenders – Continuously Updated

Related: Attackers Hitting VMWare Horizon Servers With Log4j Exploits

Related: ICS Vendors Respond to Log4j Vulnerabilities

Related: Another Remote Code Execution Vulnerability Patched in Log4j

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.