CyRisk Zero-day Exposure Detection Platform Finds Systems Vulnerable to Log4Shell

The Most Severe Cyber Risk Known To-Date

 

Log4Shell sets the internet on fire

Log4Shell (also called Log4J) is a critical vulnerability publicly reported on December 9, and it is already setting the internet on fire with severe threats to millions of servers, devices, and the software running on them.

Officially identified as CVE-2021-44228 and the related CVE-2021-45046, this threat is known as a “Zero-Day” vulnerability – a critical software flaw that was not known before it was made public. This flaw was found in the widely used Log4j Java logging library. This vulnerability allows remote attackers to access systems, install malware and remotely execute code on vulnerable systems, resulting in severe consequences for the impacted organizations.This single new risk has resulted in billions of dollars of risk exposure in the first week alone. And it’s not going away any time soon, since the exposure is so widespread. Only swift detection can allow IT professionals to take action to mitigate the risk and that’s exactly what CyRisk is designed to do.

Log4Shell is widely considered to be one of the worst vulnerabilities in the history of the internet. The software library is one of the most popular opensource logging services used by developers and was downloaded 28.6 million times in the past four months. Developers have embedded this library in millions of servers and software applications used by companies, small and large. It is used by large service providers such as Apple, Amazon/AWS, Google, Netflix, and many others. And attackers have been working overtime, hunting for vulnerable systems and trying to get a foothold on computer networks before these holes are patched.

“It is critical that organizations find and patch this vulnerability immediately, before the bad actors have a chance to get inside your network,” Goodman explained. “Because once they get in, even if you patch your systems, you haven’t solved the problem. The longer vulnerable systems are exposed, the more likely it is that you’ll have hackers living inside your network, deploying malware, backdoors and hunting for valuable assets. And that just makes it that much more damaging, and more costly to recover and remediate.”

As Zero-day vulnerabilities go, Log4Shell has a 10/10 rating, which means that attackers can remotely exploit it without any input from the victim, and it does not require any significant expertise to pull it off. It also means that once a system is compromised, an attacker can install software and control the system at will.

“Companies are responding with an urgent need to scan their cyber assets and to determine exposures – they are concerned, and we are fortunate that our CyRisk ZED (our Zero-day Exposure Detection) platform is already equipped with a novel, non-intrusive detection mechanism to identify these threats. After analyzing 100s of thousands of assets, we are seeing an exposure rate of about 3% which is incredibly high for this type of thing,” said Goodman. “We are in a unique position to react quickly because of our unique tooling and infrastructure. Our team of security experts knows these issues so we immediately deployed a new module to CyRisk ZED (our Zero-day Exposure Detection platform), and we have already been identifying vulnerable assets for our customers. We are also hearing from many new customers who are very concerned.

“CyRisk is uniquely positioned to detect and respond to threats like Log4J and others, and we invested in their platform because we understand their potential to tackle these issues into the future…no matter the complexity”, said Jim Kelly, Partner at Connected Ventures, an early investor in CyRisk.

“The CyRisk team has analyzed this risk and we have developed a novel, highly reliable, non-intrusive service to identify the vulnerabilities. This is one of the most dangerous and wide-spread threats we have ever seen,” continued Goodman, CEO and Founder of CyRisk, and longtime cyber risk professional and consultant.

CyRisk has scanned 100s of thousands of companies, millions of cyber assets, and detected many critical vulnerabilities. “Fortunately, we are able to alert companies and provide them with appropriate guidance on how to protect themselves from this and other critical vulnerabilities. Many of them are acting quickly, but there is an enormous amount of risk out there – much more to do as quickly as possible,” Goodman concluded.

CyRisk is a cutting-edge technology company, new on the market; the CyRisk RED and CyRisk ZED products (“Ransomware Exposure Detection”, and “Zero-Day Exposure Detection”) scan technology assets of organizations detecting cyber risks and vulnerabilities, and providing our customers with recommendations on how to address any risks found. CyRisk is being used by companies of all types to fortify their cyber infrastructure, and it is being used by leading Insurance Carriers to properly price Cyber insurance policies, and those same insurance companies are using it monitor the on-going risks of their policy holders.
CyRisk recommends all companies contact us as soon as possible so we can help you scan your current assets, create a blueprint, and to set a cyber risk management path forward. The Log4J risk will not go away unless you act soon.

Click here to Schedule a free 15-minute Consultation with the CyRisk Team.

Contact us at:
New Inquiries: sales@cyrisk.com