1 in 10 enterprise servers, web applications and digital infrastructure vulnerable
While many in the security community are working hard to contain Log4Shell, a critical Apache vulnerability, there are concerns that not everyone takes it seriously. Extensive exploitation has already begun, and within a month Tenable CEO and President Amit Yoran expects to see multiple waves of iteration on this exploit, resulting in more aggressive damage that may be impossible to stop by then.
According to telemetry data from Tenable, as of December 21, 2021, only 70% of organizations had even scanned for the vulnerability. Of the assets that were assessed, Log4Shell was found in approximately 10%, including a wide range of servers, web applications, containers, and IoT devices. Log4Shell is ubiquitous across all industries and geographies.
Amit Yoran fears history will repeat itself, but this time the damage could be out of control. Speaking of the dangers posed, Amit warns:
“While EternalBlue has launched significant attacks, such as WannaCry, the potential here is much greater due to the ubiquity of Log4j in infrastructure and applications. so flagrant to be corrected.
“Log4Shell has been identified as one of the biggest cybersecurity risks we have ever encountered, yet many organizations are still not taking action. According to our data, 30% of organizations have not begun to assess their environments for Log4Shell, let alone apply patches.
“Log4Shell will define computing as we know it, separating those who make the effort to protect themselves and those who are comfortable being careless.”
His sentiments are reiterated in this blog.