Security News > 2022 > February > Log4Shell: A retrospective

Log4Shell: A retrospective
2022-02-15 06:15

There were a few common practices in organizations that felt they had prepared for or responded to Log4Shell effectively.

On the other hand, centralized logging inevitably provides a broader attack surface for logging-based attacks such as Log4Shell.

Attempts to exploit Log4Shell were easily detectable by both automata and analysts alike.

Contacting malicious external hosts is a prerequisite to a successful Log4Shell attack.

While not perfect - this defensive technique may be subverted by the attacker using IP addresses or hosting the malicious Java object on already-compromised internal resources - it is a cheap and surprisingly effective method of making things more difficult for attackers.

Log4Shell affected all of us to a degree, but organizations that had their ducks in a row before the vulnerability was announced could mitigate it quickly, comprehensively, and methodically.


News URL

https://www.helpnetsecurity.com/2022/02/15/log4j-vulnerability/