Homeland Security warns: Expect Log4j risks for 'a decade or longer'
The bugs proved to be a boon for cybercriminals as Log4j is so widely used, including in cloud services and enterprise applications. And because of this, miscreants soon began exploiting the flaws for all kinds of illicit activities, including installing coin miners, stealing credentials and data, and deploying ransomware.
"ICS operators rarely know what software is running on their XIoT devices, let alone know if there are instances of Log4j that can be exploited," Thomas Pace, a former Department of Energy cybersecurity lead and current CEO of NetRise, told "Just because these attacks have not been detected does not mean that they haven't happened," Pace continued. "We know for a fact that threat actors are exploiting known vulnerabilities across industries.
The report also added that, "generally speaking," criminals exploited the security holes "at lower levels than many experts predicted, given the severity of the vulnerability," which seems to be a fair assessment of Log4j. That said, it still cost organizations a lot of money and human resources to, first, identify their usage of the logging library in their own products and then in their suppliers' software, and then mitigate the risk.
"These costs, often sustained over many weeks and months, delayed other mission-critical work, including the response to other vulnerabilities," according to the dossier. — an ongoing and well-documented problem even before the bugs. Unfortunately, this particular risk is going to plague companies and federal agencies for the foreseeable future, the report warns. "The Log4j event is not over," it said. "The board assesses that Log4j is an 'endemic vulnerability' and that vulnerable instances of Log4j will remain in systems for many years to come, perhaps a decade or longer. Significant risk remains.