Log4j continues to cause havoc one month after discovery

The cybersecurity world was shaken when it was revealed that a popular logging library used by millions of people, Apache’s Log4j, contained a zero-day vulnerability that made it easy for hackers to install malicious software.

This isn’t the first time that open-source software has contained a huge vulnerability. The 2017 Equifax data breach compromised nearly 150 million Americans’ personal information, and it stemmed from the use of open-source software with an unpatched vulnerability.

While the Apache Software Foundation quickly released a patch for the vulnerability, it was up to software developers and IT professionals to update their systems.

Unfortunately, over 40% of downloads still contain the Log4j vulnerability. This puts millions of devices at risk of hacking attempts.

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly called the Log4j vulnerability the worst she has seen in her career and expects “intrusions well into the future” due to its widespread use.

How has the Log4j vulnerability been exploited by hackers so far?

Cybercriminals wasted no time in launching attacks using the Log4j vulnerability. According to Check Point Research, there were millions of cyberattacks per hour that attempted to exploit the software flaw.

Log4j had a hand in making 2021 a record-breaking year for hacking attempts. Organizations saw an all-time high of cyberattacks during Q4, and it peaked at over 900 attacks per week.

CISA hasn’t reported any major U.S. cyberattacks related to the Log4j vulnerability. But hackers are still managing to gain unauthorized access to servers. The Belgian Defense Ministry was forced to shut down part of its computer network after a breach triggered by the Log4j vulnerability.

Since the Log4j vulnerability is found in millions of downloads, businesses need to be aware of what their software contains. Microsoft warns, “Due to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance.”

How can organizations protect themselves?

CISA has previously released guidelines on the best way to protect your organization from a Log4j-related cyberattack. CISA has more recently collaborated with the FBI, NSA, and cybersecurity agencies from Australia, Canada, New Zealand, and the United Kingdom to release an additional advisory which recommends organizations take the following steps:

  • Identify assets affected by Log4Shell and other Log4j-related vulnerabilities.
  • Upgrade Log4j assets and affected products to the latest version as soon as patches are available and remain alert for vendor software updates.
  • Initiate hunt and incident response procedures to detect possible Log4Shell exploitation. 

The advisory also breaks these steps down in more detail, and vendors using Log4j assets should read it carefully.
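
One way to carry out the first step (identifying affected assets), as an added example that is not from the advisory or this article: a Python scanner that looks inside JAR/WAR/EAR files, including archives nested in fat JARs, for copies of log4j-core. It assumes log4j-core's standard Maven metadata path and its `JndiLookup.class` as markers, and it only reports the version it finds; compare that against the patched release named in vendor guidance.

```python
import io
import zipfile

# Assumed markers: the JNDI lookup class and the Maven metadata that
# log4j-core ships inside its own JAR. Shaded/relocated copies will not match.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 5  # bound recursion so deeply nested archives cannot exhaust memory


def _version(zf):
    """Return the version= value from pom.properties, or None if absent."""
    if POM_PROPS not in zf.namelist():
        return None
    for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def scan_archive(data, label, depth=0):
    """Return [(path, version, has_jndi_lookup)] for each log4j-core copy found."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive; nothing to report
    with zf:
        names = zf.namelist()
        version = _version(zf)
        has_jndi = JNDI_CLASS in names
        if version is not None or has_jndi:
            findings.append((label, version, has_jndi))
        if depth < MAX_DEPTH:
            for name in names:
                if name.lower().endswith(NESTED_SUFFIXES):
                    nested = f"{label}!/{name}"
                    findings += scan_archive(zf.read(name), nested, depth + 1)
    return findings


def scan_file(path):
    """Scan one archive on disk, e.g. an application JAR from a deploy directory."""
    with open(path, "rb") as fh:
        return scan_archive(fh.read(), path)
```

A finding with `has_jndi_lookup` set to `False` means the metadata is present but the lookup class is not in that archive; treat it as a lead to verify rather than proof that the asset is unaffected.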

How can Paubox help?

Healthcare continues to see a rise in cyberattacks; it saw a 71% increase in attacks in 2021. Covered entities should remain vigilant in ensuring their software doesn’t contain the Log4j vulnerability while also maintaining HIPAA compliance standards.

Your inbox may be the most vulnerable place for a cyberattack to occur since phishing emails are a common threat vector. Paubox Email Suite Plus is a HIPAA compliant solution that is equipped with robust inbound security tools to block spam, ransomware, viruses, and phishing emails from even entering an inbox.

Our HITRUST CSF certified software also includes several other tools to protect yourself from malicious emails. Paubox Email Suite Plus uses the patented ExecProtect to prevent display name spoofing attacks. It also has Zero Trust Email, which requires servers to provide an additional layer of authentication before an email is allowed in your inbox.

Recent events have shown there is always a risk for a cyberattack, and it’s worth the investment to protect your healthcare organization’s data.

Try Paubox Email Suite Plus for FREE today.
About the author

Sara Nguyen
