Log4j exploitation risk is not as high as first thought, cyber MGA says

2022-02-11 09:21

Attackers have been trying to exploit the vulnerability to compromise systems around the world to deliver cryptominers and ransomware or to establish persistent access for a future attack.

According to Rotem Iram, co-founder and CEO of cyber managing general agent At-Bay, the Log4j exploitation risk isn't as high as first thought.

Of insured mid-market companies in their portfolio and companies that submitted a request to be insured, they found that only a very small percentage of them are vulnerable to Log4Shell exploitation coming from attackers outside the network perimeter.

"As an insurance MGA we are interested in reducing the most risk for the most organizations. In the mid-market, cyber criminals are not targeting specific organizations; they're running internet-wide scans looking for critical vulnerabilities and then attacking what's found. So, when looking at the risk presented by Log4j, we consider how many organizations could be identified and exploited by an attacker specifically seeking to use a Log4j exploit," Iram shared.

"Remediating any system vulnerable to Log4j is crucial, but organizations must not divert attention from other common attack vectors. Remote Desktop Protocol remains the leading cause of ransomware incidents, responsible for nearly 50% of all attacks - and we do not anticipate this changing anytime soon," he said.

"Attackers in the mid market don't target organizations, but rather easy to find and exploit vulnerabilities. They design an attack that is specific to that starting point and then scale it up by selling it as ransomware-as-a-service tool to other, less sophisticated attackers," he added.

News URL

https://www.helpnetsecurity.com/2022/02/11/log4j-exploitation-risk/

#log4j