Lacework report confirms 31% of malware infections are Log4j

Founded in 2015 and headquartered in San Jose, California, with offices all over the world, Lacework is backed by leading investors like Sutter Hill Ventures, Altimeter Capital, Liberty Global Ventures and Snowflake Ventures, among others. Launched today, their new Cloud Threat Report has revealed threat actors continue to refine their techniques in order to gain illicit access to cloud data and  resources. Whether they are taking advantage of  configuration mistakes, exploiting vulnerabilities in targets’ supply chains, or adapting malware for nearly undetectable use in Linux environments, bad actors are taking every opportunity to cash in. The report is designed to show that defenders can use the power of the cloud to re-level the playing field.  

Lacework has raised more than $1.8 billion at a valuation of $8.3 billion and a recently commissioned study from Forrester Consulting showed how Lacework delivers a 342% ROI for customers. 

Cloud Threat Report findings

The third iteration of the report from the data driven cloud security company Lacework analyses four key areas of cloud security: Cloud Security Posture, Runtime threats & Linux Malware, Vulnerabilities & Software Supply Chain and Proactive Defence & Intelligence.

The report suggests that AWS services IAM, S3 and EC2 were found to be insecure configurations, with 72% of environments exposed in the last six months.

Linux-based malware has threats outside of Log4j, but with 31% of confirmed malware using the java-based logging library as its initial vector, but the threats of XMRig, Muhstik, and Mirai dominated the environment, accounting for a combined 74% of the malicious installations Lacework observed.

Defence against such threats include Canary tokens, Honeypots and application sandboxing.

What is Log4j and why is it being exploited by hackers?

Log4j exploits were believed to have started as early as 1st December 2021, when CERT New Zealand revealed that this remote code execution flaw (CVE-2021-44228), was already being exploited by hackers.  

Widely used Java library for logging error messages in applications, Log4J is used in enterprise software applications, including many custom applications developed in-house by businesses.

It's also a crucial component of cloud computing services.

CISA director Jen Easterly said: "To be clear, this vulnerability poses a severe risk. We will only minimise potential impacts through collaborative efforts between government and the private sector. We urge all organisations to join us in this essential effort and take action."  

Pandian Gnanaprakasam, Co-founder and Chief Product Officer at Ordr, added: “Log4j is an Apache Java logging library used in many forms of enterprise and open-source software. This includes cloud platforms, web applications, and email services that could be at risk from attackers attempting to exploit this vulnerability. While the full scale of affected devices and systems is still being analysed, healthcare organisations should consider any web-connected device vulnerable as they likely use Java-based applications or other Java components."

Those seeking to defend their organisation should check the latest guidance on the CISA website.