The U.S. cybersecurity agency can’t rule out that adversaries are using Log4j to gain persistent access to launch attacks later.
Officials at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) say that despite initial fears of widespread compromise, they have yet to see significant harm stemming from a vulnerability in the Java-based Log4j logging utility that became public in December. They can’t rule out that adversaries haven’t already used the vulnerability to monitor targeted machines silently, however, biding their time for later attacks.
“We’ve been actively monitoring for threat actors looking to exploit” the vulnerability, and “at this time we have not seen the use in significant intrusions,” Jen Easterly, director of CISA, said at a press briefing. “Adversaries may be utilizing this vulnerability to gain persistent access that they could use in the future, which is why we are so focused on remediating the vulnerability across the country and ensuring that we are detecting any intrusions if and when they arise.”
However, the vulnerability has been exploited by threat actors in minor ways. “We are seeing some prevalence of what we would call low-level activities, such as installation of cryptomining and software installation of malware that could be used historically in botnets,” Eric Goldstein, CISA’s executive assistant director for cybersecurity, said.
This article appeared in CSO Online. To read the rest of the article please visit here.