By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: No immediate, mass exploits but Log4Shell threat to remain for years: Sophos
Share
Aa
TechgoonduTechgoondu
Aa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Cybersecurity > No immediate, mass exploits but Log4Shell threat to remain for years: Sophos
CybersecurityEnterpriseSoftware

No immediate, mass exploits but Log4Shell threat to remain for years: Sophos

Alfred Siew
Last updated: February 10, 2022 at 6:16 PM
Alfred Siew Published February 10, 2022
3 Min Read
SHARE
PHOTO: Pexels

The Log4JShell bug that hit various online services in December has not resulted in immediate crisis, according to cybersecurity firm Sophos, which also warned that the vulnerability remains embedded in many applications and products, making them a target for exploitation for years to come.

From late December to January 2022, attack attempts flattened out and declined, the company found from analysis of customer data, but cyber attackers appear to be still scanning for vulnerabilities in many organisations.

The bug stems from the Log4J software commonly used by a myriad of online services to log events that are happening on software applications and the servers that run them.

In a report today, Sophos’ principal research scientist Chester Wisniewski said the number of successful attacks making use of the vulnerability has been lower than expected.

One reason was the severity of the bug, which united the digital and security communities and galvanised people into action, he added.

“As soon as details of the Log4Shell bug became clear, the world’s biggest and most important cloud services, software packages and enterprises took action to steer away from the iceberg, supported by shared threat intelligence and practical guidance from the security community,” he noted.

Another factor, he explained, was the need to customise the attack to each application that is using the vulnerable code. This meant cyber attackers, some of whom were crypto-miners, had to spend time to tweak their malicious code.

However, this does not mean that the threat is over. On the contrary, it is expected to be a long-term issue, given the widespread use of Log4J and the difficulty in patching or updating all the systems affected.

Some attackers may already have managed to access victims’ servers and set up malware to keep a backdoor open, even as the victims rushed to close the initial loophole, said Wisniewski.

These backdoors are not be utilised until possibly months later, when the hackers wish to mount a larger attack, he noted, adding that this would be consistent with other vulnerabilities that hackers had seized on previously.

You Might Also Like

As TikTok faces a possible ban in the US, should users elsewhere be worried?

Foodpanda to use Gogoro electric scooters in battery swapping trial with Cycle & Carriage

RedCap: A new cellular IoT technology for the 5G era

Debate on computational photography misses what’s real, what’s lived outside a frame

Q&A: Delivering movies digitally and securely from around the world

TAGGED: Apache, Chester Wisniewski, Java, Log4J, Log4Shell, Sophos

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Alfred Siew February 10, 2022
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Copy Link Print
Share
Avatar photo
By Alfred Siew
Follow:
Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.
Previous Article Samsung’s Galaxy S22 Ultra is a noteworthy replacement for a one-time sleeper hit
Next Article Time to use a tablet, as new ones like Galaxy Tab S8 Ultra get bigger screens than laptops?
Leave a comment

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

Facebook Like
Twitter Follow

Latest News

Oppo Find N2 Flip review: A worthy flip phone alternative to Samsung
Cellphones Mobile March 26, 2023
As TikTok faces a possible ban in the US, should users elsewhere be worried?
Cybersecurity Internet March 24, 2023
Foodpanda to use Gogoro electric scooters in battery swapping trial with Cycle & Carriage
Enterprise Internet March 23, 2023
RedCap: A new cellular IoT technology for the 5G era
Enterprise Software Telecom March 23, 2023
//

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
Follow US

© 2023 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact

Join Us!

Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Lost your password?