According to Arctic Wolf research, the Log4Shell vulnerability is still being massively abused a year after it was identified.
Arctic Wolf collected data on global threats, malware, digital forensics and incident response (IR) cases to determine the key threat trends of 2022. “Arctic Wolf has access to trillions of weekly security events,” said Daniel Thanos, vice president and head, Arctic Wolf Labs. “It also allows us to publish truly new insights about threats that are valuable to the entire security community.”
Log4Shell
Based on the data, it becomes clear that Log4Shell, the zero-day RCE vulnerability in Apache Log4j identified in December 2021, has been a problem for an extended period of time. A quarter of Arctic Wolf users had been targeted by an attempt to exploit Log4Shell as of January 2022.
About three in five of all investigated incident response cases involving Log4Shell were attributed to three ransomware variants: LockBit (26.9 percent), Conti (19.2 percent) and ALPHV (11.5 percent). On average, an incident involving Log4Shell costs more than $90,000, about €82,500.
In addition to Log4Shell, ProxyShell, the vulnerability in Microsoft Exchange that also had a major impact, continues to be massively abused. They are the two main ‘root points of compromise’ (RPOC) for Arctic Wolf’s incident response cases.
Notable findings
Arctic Wolf further notes that more than a quarter of all IR incidents were business email compromise (BEC) attacks. The security vendor notes that 58 percent of affected organizations did not have multi-factor authentication (MFA) enabled. It links a lack of MFA to the increase in BEC attacks.
Furthermore, Arctic Wolf notes that the Russian invasion of Ukraine has significantly disrupted the activities of ransomware groups. It contributed to a 26 percent year-on-year drop in the number of observed global ransomware cases.