Alvin Mills

VP of Information, Technology & Security

Expect the hits to keep coming in 2022

We’ll continue to see ransomware attacks in 2022. Why? Because they are still successful.

The past year gave us plenty to write about on the cyber security front. However, just as 2021 was coming to an end and talk of the new year was filled with hopeful optimism about moving past all the headaches of the year, we were handed what many consider to be the most serious vulnerability of all time.

The director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, called the Log4j vulnerability “the most serious vulnerability I have seen in my decades-long career.”

The cyber attacks and events in 2021 seemed right on top of one another. No breathing room for IT and security teams — just roll up your sleeves and hit it again. I’ve been in constant communication with our service providers and can feel the frustration in their voices. I know a lot of holiday spirit was impacted by Log4j. When you hear terms like “millions of java-based apps” are at risk, that will keep you up at night for sure. 

The Log4j exploit

The vulnerability can lead to remote code execution on the underlying servers that run vulnerable applications, and exploiting the issue requires no authentication. The flaw is rated with the maximum severity of 10/10 on the Common Vulnerability Scoring System (CVSS), which, as the name implies, is the industry standard for assessing the severity of computer system security vulnerabilities.

Glen Pendley, Deputy Chief Technology Officer at Tenable, warned of Log4j’s potential impact: “Everything across heavy industrial equipment, network servers, down to printers and even your kid’s Raspberry Pi, is potentially affected by this flaw. Some affected systems may be on-premises while others may be hosted in the cloud, but no matter where they are, the flaw is likely to have an impact.”

Unfortunately, the new year will kick off with a slew of exploits, already including one from a group of Chinese attackers using Log4j to attack a large academic institution. The Log4j tool is so widely distributed across websites, networks and other software that it is essentially a ubiquitous technology and a key part of the software supply chain. W3Techs, a group that compiles data on the usage of various web technologies, estimates that 31.4% of all websites use the tool. This simple twelve-character string can be the entry point for very complex attacks that steal sensitive information or launch ransomware.

According to many experts, we are going to be dealing with this for a long time. CISA came out with some additional recommendations for asset owners:

  1. Enumerate any external facing devices that have Log4j installed. 
  2. Make sure that your security operations center is actioning every single alert on the devices that fall into the category above. 
  3. Install a web application firewall (WAF) with rules that automatically update so that your SOC is able to concentrate on fewer alerts.
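As an added example (not part of the original column), a small Python inventory helper for the first CISA recommendation: it walks a filesystem, finds every log4j-core JAR, reads the version from its manifest (falling back to the filename) and notes whether the JAR still contains the JNDI lookup class. The directory layout, JAR names and version strings in build_sample_tree are constructed sample data; the JndiLookup class path is assumed to be the one log4j-core ships, and the file naming pattern is an assumption.

```python
import os, re, tempfile, zipfile
from pathlib import Path

# Assumption: log4j-core JARs use the usual "log4j-core-<version>.jar" naming.
JAR_NAME = re.compile(r"^log4j-core-(?P<ver>\d[^/]*?)\.jar$", re.IGNORECASE)
# JNDI lookup class in log4j-core; deleting it is a common mitigation, so record it.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def manifest_version(jar):
    """Implementation-Version from META-INF/MANIFEST.MF, or None if absent."""
    try:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in text.splitlines():
        if line.lower().startswith("implementation-version:"):
            return line.split(":", 1)[1].strip()
    return None

def inspect_jar(path):
    """Version (manifest first, filename as fallback) and JNDI class presence."""
    try:
        with zipfile.ZipFile(path) as jar:
            ver = manifest_version(jar) or JAR_NAME.match(path.name).group("ver")
            return {"path": str(path), "version": ver,
                    "has_jndi_lookup": JNDI_CLASS in jar.namelist()}
    except zipfile.BadZipFile:  # corrupt or misnamed file: flag it for a human
        return {"path": str(path), "version": None, "has_jndi_lookup": None}

def find_log4j(root):
    # Walk root and inspect every file named like a log4j-core JAR, sorted by path.
    hits = [inspect_jar(Path(d, f)) for d, _, files in os.walk(root)
            for f in files if JAR_NAME.match(f)]
    return sorted(hits, key=lambda r: r["path"])

def build_sample_tree(root):
    """Constructed sample data, not real artefacts: a JAR that still has the JNDI
    class, one without it or a manifest, a corrupt file, and a log4j-api decoy."""
    lib, web = Path(root, "opt/app/lib"), Path(root, "srv/web/WEB-INF/lib")
    lib.mkdir(parents=True); web.mkdir(parents=True)
    with zipfile.ZipFile(lib / "log4j-core-2.x-sample.jar", "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Implementation-Version: 2.x-sample\n")
        z.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    zipfile.ZipFile(web / "log4j-core-2.x-patched.jar", "w").close()
    (lib / "log4j-core-0-bad.jar").write_bytes(b"not a zip")
    zipfile.ZipFile(lib / "log4j-api-2.x-sample.jar", "w").close()

def demo():
    # Build the sample tree in a temp dir and return the inventory rows.
    root = tempfile.mkdtemp()
    build_sample_tree(root)
    return find_log4j(root)
```

Run find_log4j against a real root (or a mounted disk image) instead of demo; JARs bundled inside WAR/EAR archives are not unpacked here and need a second pass.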

For now, the solution appears to be to learn to live with the problem. 

TBA bank members can visit the Texas Bankers Information Sharing and Analysis Organization at www.texasbankers.com/tbisao for more information, or reach out to me directly at [email protected]
