Lacework report confirms 31% of malware infections are Log4j

The Cloud Threat Report from Lacework analyses four key areas of cloud security with 31% of malware infections using Log4j as initial infection vector

Founded in 2015 and headquartered in San Jose, California, with offices all over the world, Lacework is backed by leading investors like Sutter Hill Ventures, Altimeter Capital, Liberty Global Ventures and Snowflake Ventures, among others. Launched today, their new Cloud Threat Report has revealed threat actors continue to refine their techniques in order to gain illicit access to cloud data and  resources. Whether they are taking advantage of  configuration mistakes, exploiting vulnerabilities in targets’ supply chains, or adapting malware for nearly undetectable use in Linux environments, bad actors are taking every opportunity to cash in. The report is designed to show that defenders can use the power of the cloud to re-level the playing field.  

Lacework has raised more than $1.8 billion at a valuation of $8.3 billion and a recently commissioned study from Forrester Consulting showed how Lacework delivers a 342% ROI for customers. 


Cloud Threat Report findings

The third iteration of the report from the data driven cloud security company Lacework analyses four key areas of cloud security: Cloud Security Posture, Runtime threats & Linux Malware, Vulnerabilities & Software Supply Chain and Proactive Defence & Intelligence.

The report suggests that AWS services IAM, S3 and EC2 were found to be insecure configurations, with 72% of environments exposed in the last six months.

Linux-based malware has threats outside of Log4j, but with 31% of confirmed malware using the java-based logging library as its initial vector, but the threats of XMRig, Muhstik, and Mirai dominated the environment, accounting for a combined 74% of the malicious installations Lacework observed.

Defence against such threats include Canary tokens, Honeypots and application sandboxing.

What is Log4j and why is it being exploited by hackers?

Log4j exploits were believed to have started as early as 1st December 2021, when CERT New Zealand revealed that this remote code execution flaw (CVE-2021-44228), was already being exploited by hackers.  

Widely used Java library for logging error messages in applications, Log4J is used in enterprise software applications, including many custom applications developed in-house by businesses.

It's also a crucial component of cloud computing services.

CISA director Jen Easterly said: "To be clear, this vulnerability poses a severe risk. We will only minimise potential impacts through collaborative efforts between government and the private sector. We urge all organisations to join us in this essential effort and take action."  

Pandian Gnanaprakasam, Co-founder and Chief Product Officer at Ordr, added: “Log4j is an Apache Java logging library used in many forms of enterprise and open-source software. This includes cloud platforms, web applications, and email services that could be at risk from attackers attempting to exploit this vulnerability. While the full scale of affected devices and systems is still being analysed, healthcare organisations should consider any web-connected device vulnerable as they likely use Java-based applications or other Java components."

Those seeking to defend their organisation should check the latest guidance on the CISA website.

Share

Featured Articles

Five minutes with: Katie Nykanen, Group CTO at QA

Katie Nykanen, CTO at QA, on being a role model for girls and young women and her hopes for the future

Big business bets on real-time data and event-streaming tech

By 2025, 90 per cent of the world’s largest companies will use real-time intelligence to improve customer experience and other areas, new research predicts

Mind your language: Is NLP a natural fit for the Metaverse?

The Metaverse is going to need next-level processing in order to provide a meaningful experience for all. Natural-language processing has something to say

Cyberattacks make a big difference to manufacturing profits

Cloud & Cybersecurity

ICYMI: Space blockchains and 6G predictions for the future

Digital Transformation

Christina Kosmowski: growth mindset and hands-on leadership

Digital Transformation