Log4j attacks are still a major threat, warns Microsoft

News
By published

Organizations should use scripts and scanning tools to assess their risk and impact

Zero-day attack
(Image credit: Shutterstock.com)

Microsoft is warning its Windows and Microsoft Azure customers that they need to remain vigilant when dealing with potential attacks exploiting the Log4Shell vulnerabilities in the popular Java logging framework Log4j.

At the beginning of December, the Apache Software Foundation disclosed a zero-day vulnerability, tracked as CVE-2021-44228, and four related flaws now known as Log4Shell. As numerous applications and online services use Log4j to log code written in Java, it could take years before the matter is finally resolved.

In an update to a blog post first published on December 11, Microsoft provided further insight on how the Log4Shell vulnerabilities are being exploited in the wild so far, saying:

“Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. Organizations may not realize their environments may already be compromised. Microsoft recommends customers to do additional review of devices where vulnerable installations are discovered.”

Log4j dashboard and scanners

To protect themselves from any potential Log4j attacks, Microsoft recommends that its customers employ now readily available scripts and scanning tools to assess their risk and impact.

In addition to cybercriminals, nation-state hackers that have more advanced capabilities have been observed taking advantage of the Log4Shell vulnerabilities which means we could see large-scale cyberattacks exploiting them in the future. In fact, Sonatype CTO Brian Fox said that “The combination of scope and potential impact here is unlike any previous component vulnerability I can readily recall” in a recent email to TechRadar Pro.

At the end of December, Microsoft took it upon itself to roll out a Log4j dashboard in the Microsoft 365 Defender Portal for Windows 10 and 11, Windows Server and Linux systems to help security teams find patches for software and devices affected by Log4Shell. At the same time, both CISA and Crowdstrike released separate Log4j scanners ahead of the holidays.

Dealing with the the Log4Shell vulnerabilities has been quite difficult for security teams which is why the UK's NCSC recently published a blog post warning organizations about the potential for burnout while trying to patch affected software and devices.

As Log4Shell has the potential to lead to cyberattacks and data breaches on par or greater than the 2017 hack of Equifax, organizations should heed Microsoft's advice when it comes to remaining vigilant.

We've also highlighted the best endpoint protection software, best firewall and best antivirus

Via ZDNet

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
The best free firewall
Microsoft fixes Power Pages security flaw, tells users to be on their guard
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Apache Foundation urges users to patch now and fix major security worries
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Samuel and Romy standing very close together in A24's Babygirl movie
Everything new on Max in April 2025, including A24's Babygirl and The Last of Us season 2
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD’s secret weapon against Nvidia seems to be stock – way more RX 9070 GPUs are rumored to be hitting shelves than RTX 5000 models
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
Seth Milchick and Kier Eagan's animatronic speaking in Severance season 2 episode 10
Apple TV+ announces Severance has been renewed for season 3 after that devastating finale
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
DuckDuckGo AI

What is Duck.ai? Everything we know about DuckDuckGo’s privacy-focused AI chatbot
See more latest
Most Popular
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
Gemma staring at something off-camera in Severance season 2 episode 10
'Everyone is going to be so torn': Severance star Dichen Lachman reacts to the popular Apple TV+ show's most 'intense' season 2 finale event
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Samuel and Romy standing very close together in A24's Babygirl movie
Everything new on Max in April 2025, including A24's Babygirl and The Last of Us season 2
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD’s secret weapon against Nvidia seems to be stock – way more RX 9070 GPUs are rumored to be hitting shelves than RTX 5000 models
AMD Ryzen AI
New leak suggests AMD's working on an Arm-based processor to rival Qualcomm's Snapdragon X series
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Saturday, March 22 (game #384)