Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

CISA Unaware of Any Significant Log4j Breaches in U.S.

CISA Concerned About Risk Posed by Log4Shell to Critical Infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says it’s currently unaware of any significant breaches related to the recently disclosed Log4j vulnerabilities.

CISA Concerned About Risk Posed by Log4Shell to Critical Infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says it’s currently unaware of any significant breaches related to the recently disclosed Log4j vulnerabilities.

In a briefing with reporters on Monday, CISA’s director, Jen Easterly, and Eric Goldstein, executive assistant director for cybersecurity at CISA, said they are not aware of any significant incident, which is likely due to the quick action taken by many organizations.

On the other hand, the CISA officials warned that malicious actors will likely continue to exploit the Log4j vulnerability known as Log4Shell. In addition, threat actors may have already exploited Log4Shell to gain access to the systems of major organizations, but they may be waiting for the right time to further leverage that access to achieve their goals.

Easterly pointed to the massive 2017 Equifax breach, which came to light only months after hackers had exploited a known Apache Struts vulnerability. The Equifax incident was also recently provided as an example by the FTC, which warned earlier this month that companies could face legal action if exploitation of the Log4j flaws leads to a significant data breach.

Log4Shell has impacted millions of systems around the world — thousands of products are affected — and it has been exploited in many attacks by both profit-driven cybercriminals and state-sponsored threat actors. However, CISA told SecurityWeek in late December that it had not been aware of any federal agencies being hit, and that does not seem to have changed.

While no critical infrastructure organizations appear to have been breached in Log4Shell attacks to date, the CISA officials are concerned that the vulnerability could be exploited against critical infrastructure.

Federal agencies have been ordered to patch the vulnerability by December 23 and at least large agencies have met the deadline, CISA said.

To date, the Belgian military appears to be the only government organization to have confirmed suffering a breach as a result of Log4Shell exploitation.

There have also been reports of the China-linked cyberespionage group Aquatic Panda was exploiting Log4Shell to compromise a large academic institution.

Related: Log4Shell Tools and Resources for Defenders – Continuously Updated

Related: Attackers Hitting VMWare Horizon Servers With Log4j Exploits

Related: ICS Vendors Respond to Log4j Vulnerabilities

Related: Another Remote Code Execution Vulnerability Patched in Log4j

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.