News
Back to Newsroom

Cybereason Government Inc. Warns of Log4Shell Exploits over Holidays

Dec 22, 2021

Cybereason Government Inc, today cautioned organizations to be vigilant over the Christmas and New Year’s Holidays in the face of an anticipated surge in cyber attacks. The risk is exacerbated by active exploits targeting the recently disclosed Log4Shell vulnerabilities impacting the widely used Log4j logging software. 

A recent report conducted by Cybereason, titled Organizations at Risk: Ransomware Attackers Don’t Take Holidays, 60% revealed that cyber attacks occurring over weekend and holiday periods took longer to assess the scope of the attack. Cyber risk this holiday season is compounded by reports of a growing number of attacks exploiting Log4Shell vulnerabilities that impact nearly a third of all web servers and numerous software applications and services.

Cybereason researchers developed a freely available vaccine called Logout4Shell that leverages the Log4Shell exploit to neutralize the Log4j vulnerabilities. Cybereason also recently briefed officials from CISA and the FBI regarding the risk from ransomware attacks over the holiday period specifically, given that most organizations only maintain skeleton crews on weekends and holidays, which increases the likelihood an attack will be successful.

Cybereason recommendations for reducing cyber attack risks during holiday periods include:

--Upgrading to the latest patched version of Log4j as soon as possible, or leverage the Cybereason Logout4Shell vaccine to protect vulnerable servers while assessing the steps required to implement the patch.

--Evaluate lock-down of critical accounts for the weekend/holiday when possible. Highest privilege accounts in many cases are rarely required to be in use during the weekend or holiday breaks.

--Ensuring clear isolation practices are in place to stop any further ingress on the network or spreading of malware or ransomware to other devices. Teams should be proficient at things like disconnecting a host, locking down a compromised account, and blocking a malicious domain, etc. Testing these procedures with scheduled or unscheduled drills at least every quarter is recommended to make sure all personnel and procedures work as expected.

--Assuring key security team members can be reached at any time of day as critical response actions can be delayed during weekend/holiday periods. Having clear on-call duty assignments for off-hours security incidents is crucial here.

Cybereason is dedicated to teaming with defenders in both the public and private sectors to end cyber attacks from endpoints to the enterprise to everywhere. Learn more about the Cybereason Government advantage or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Media Contact:

Bill Keeler

Senior Director, Global Public Relations

Cybereason

bill.keeler@cybereason.com

(929) 259-3261