Virtualization Technology News and Information
deepwatch 2022 Predictions: Prepare for The Long Haul - What Kicking Off the New Year with Log4j Means for Cyber in 2022

Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.

Prepare for The Long Haul - What Kicking Off the New Year with Log4j Means for Cyber in 2022

By Wes Mullins, CTO of deepwatch

Over the past few years, we have witnessed cyber-attacks become more sophisticated and targeted, with ransomware becoming a top-line item for business leaders around the globe. To date, the two critical components in all major attacks have been: 1) attacking the software supply chain (Solarwinds, Accellion, NPM, etc.) and 2) leveraging known and unknown vulnerabilities to exploit externally-facing and internal critical systems.

With the latest Log4j vulnerability, it's wildly simple for attackers to run code in an environment that could be used to do anything from some data gathering to becoming the initial point for a ransomware attack - this vulnerability is a hacker's gold mine.

As we head into the new year, Log4j is looking like it's here to stay. We are going to keep finding new systems using it that we didn't expect or finding systems that we thought were patched but aren't. So what does this mean for InfoSec teams and the cyber landscape in 2022?

Response Plans Will Be Imperative to Survival

Every organization should have a response plan set up in preparation for a potential cyberattack. Without an appropriate plan in place, a cyberattack can go from a mild event to a crisis very quickly. In 2022, it will be important that organizations not only determine what their response plan looks like but that they test that response plan.

If you try to play "whack-a-mole" with the latest threats, you'll never be ready for any attack. The basics are still key and will build a strong foundation to weather any attack: endpoint protection, DNS control, role-based access control, least privileged access, MFA/Zero-trust, and monitoring are all variables in a well-devised plan.

Log4j Initial Compromise Will Be Step 1 in a Multi-Phased Attack

Having access to a large number of impacted customers has allowed us to observe pre- and post-exploitation attempts across multiple industry verticals and a large subset of different threat actors. There are two main themes we're seeing: 1) using Log4j to exfiltrate the sensitive data needed to launch a larger, more sophisticated attack and 2) rapid deployment of ransomware. The latter is primarily comprised of what you would call a traditional "spray and pray" approach. The former is being attributed to more mature threat actors that are looking to get a further foothold in an environment by leveraging Log4j to get credentials, access tokens, keys, etc. that they will then leverage to get into other parts of the environment.

Regardless of how fast you patched or mitigated your vulnerable systems, you will still need to review those systems and what they had access to, and ensure you're resetting any potential access mechanisms. Defending against ransomware is not a Log4j issue, but something you should be doing and focusing on day in and day out.

Continuous Monitoring Will No Longer be a Nice to Have

Businesses will need to invest more resources in continuous monitoring of their systems for critical vulnerabilities and patching as soon as possible, which usually means as soon as the remediation patch comes out. With continuous monitoring, organizations can identify unusual activity in their systems using an analytics platform and cybersecurity experts. As the security talent shortage continues, the likelihood that in-house monitoring is possible dwindles. In 2022, we will see more organizations employ an MDR provider with cybersecurity expertise and operational capabilities to keep the SecOps lights on 24x7x365.

People Will Be More Prevalent than Tools in the Fight Against Cyberattacks

The "Great Resignation" coupled with the ongoing cybersecurity talent shortage is putting organizations in a tough spot as they need people to fight the ongoing barrage of cyber threats. And while top-notch technology is vital, people are proving to be a major piece of the puzzle. Log4j put this front and center as companies around the globe turned to Apache volunteers to help with their patching efforts. In the year ahead, we'll see the focus shift back to the cyber talent, cyber teams, and individuals that keep an organization secure, rather than just the tools. It takes a fully built line of defense, not just one player and not just one game plan.

It is important to note that Log4j is a vulnerability, a widespread and detrimental vulnerability, but vulnerabilities are common. In the new year, we will continue to see more vulnerabilities pop up, but what's more important is how they are handled. Vulnerabilities, including Log4j, are a doorway into our environments that we didn't know about until just this week, but doors aren't themselves dangerous. It is who and what comes through the door that is the problem. So, defenses need to be expanded internally and externally, and some additional protections will need to be utilized until the door can be closed and barred.

##

ABOUT THE AUTHOR

Wesley Mullins 

As the CIO & CISO of deepwatch, Wesley's organization is responsible for Security, Risk & Compliance across deepwatch, as well as back office systems and all customer-facing platforms used to deliver our service. He has been in IT for close to 20 years, starting out as a developer, moving into networking, and eventually landing in cyber around 15 years ago. Before joining deepwatch he was the VP of Global Cyber at Nielsen and prior to that held various roles at PwC and TECO Energy.

Published Friday, January 14, 2022 7:32 AM by David Marshall