Contrast Security, the leader in next-gen code security, shared information on how Log4j, the most popular piece of free open-source Java computer language software used by developers worldwide, will continue to impact major organizations around the globe including Apple, Tesla, Microsoft, and government agencies for the foreseeable future.
“This is the most severe software vulnerability we have ever seen. It is incredibly widespread and extremely easy for hackers to exploit,” said Arshan Dabirsiaghi, Chief Scientist and Co-founder at Contrast Security.
As an expert organization in testing and protecting third-party open-source code moving through the software supply chain, Contrast, as well as expert researchers, have established that the Log4j attacks are now being weaponized for ransomware and data theft. Even self-replicating worms and bots are now known to exist.
Top iTechnology Security News: BreachQuest Team of Cybersecurity Experts Release Predictions for 2022
Organizations are rushing to plug the hole, but progress has been slow. Several fixes have also been issued by Apache but found to be incomplete – setting the process back each time. Security research teams are starting to see disruption of service and confirmed hacks including the Canadian and Belgian governments. In addition to confirmed hacks, organizations are choosing to take down websites and services to minimize their exposure.
Contrast has been able to protect global enterprises and Fortune 500 customers from Log4j since internal data showed that attacks were on-the-rise as early as November 24th – long before the vulnerability was publicly disclosed. Customers’ applications are protected with Contrast Protect as it defends applications against the underlying vulnerability with sandboxes that separate exploitable operations from exploiting targets. This immediate protection allows customers to schedule permanent fixes without being exposed. Contrast Customer Success and Service teams have also been working 24/7 with SecDevOps teams and developers, to protect vulnerable applications or Java application portfolios.
“At Contrast Security, we help protect companies from this type of attack, and we’re protecting our customers from the start,” said Steve Wilson, Chief Product Officer at Contrast Security. “As we reviewed our own internal data, we saw a dramatic uptick in attacks of this type starting two weeks before this problem became common knowledge. This means networks at many organizations are already compromised. However, the way Contrast customers were able to respond to the Log4j vulnerability because of Contrast Protect and the Contrast Code Security Platform was amazing.”
Top iTechnology AIOps News: SymphonyAI Appoints Senior Executive To CTO Position
[To share your insights with us, please write to sghosh@martechseries.com]
