New research shows the weakness shattered confidence in cloud defense and motivated a new set of cybersecurity priorities.
Log4Shell was a wake-up call to cybersecurity across every industry, according to new research from cloud security provider Valtix. The report found that 77% of 200 respondents are still dealing with patching. The vulnerability has also negatively impacted IT teams’ ability to meet business needs.
The survey found that tech leaders are prioritizing new tools, process changes and additional budget to address the weakness.
In March 2022, Valtix partnered with an independent research firm to survey 200 cloud security leaders to understand how the vulnerability impacted security teams. The study shows how cloud security leaders are changing the way they secure cloud workloads in the wake of Log4Shell.
The survey found that 78% of IT leaders still lack a clear view of what is currently happening in their cloud environment:
- 82% say the view of active security threats in the cloud is mostly obscured
- 86% agree that securing workloads in a public cloud is more challenging than on premises
- Only 53% are confident that all of their public cloud workloads and APIs are fully protected against attacks from the Internet
In addition, nearly all respondents confirmed the challenges associated with bringing endpoint security agents and firewall appliances from their data centers to the cloud:
- 79% agree that agent-based security solutions are difficult to operationalize in the cloud
- 88% said bringing network security equipment to the cloud is challenging for the cloud computing business model
Vishal Jain, co-founder and CTO at Valtix, said Log4Shell has proven that deep defense is essential even in the cloud, because there is no such thing as an invulnerable app.
“Log4Shell exposed many of the cloud providers’ security vulnerabilities as IT teams scrambled to create and patch a virtual patch while allowing them to test updated software,” said Jain. “They needed more advanced security to prevent remote exploits, visibility into active threats, or the ability to prevent data exfiltration.”
Davis McCarthy, a principal security researcher at Valtix, said the research shows they are taking action in 2022 by prioritizing new tools, process changes and budget related to cloud security.
The study authors also found that tech leaders in the energy industry are most likely to have low confidence in their cybersecurity because of Log4Shell, followed by hospital and travel, automotive, government and financial services. Financial services firms were most likely to re-prioritize cloud security initiatives after the vulnerability surfaced.
Understanding and Resolving the Log4Shell Vulnerabilities
This is how the vulnerability works:
- Log4j2 supports a logging function called Message Lookup Substitution, which allows special strings to be replaced with other dynamically generated strings during logging.
- One of the lookup methods (JNDI coupled with LDAP) retrieves a special class from an external source to deserialize it, which executes some of the class code.
- Any part of the logged string that a remote attacker controls can therefore trigger such a lookup.
In a recent article, TechRepublic contributor Jack Wallen explained how to use the Log4j Detect script to scan Java projects for the vulnerability. This requires a Java project and a user with sudo rights. This script can be used on Linux, macOS and Windows.