‘Nuclear Grade’ Log4j Vulnerability Still Pervasive with Continuing Impact
Log4j “Nuclear Bomb” Vulnerability, Log4Shell, may affect the world forever.
The U.S. Department of Homeland Security (DHS) Cybersecurity Review Board (CSRB) recently released an investigation into last year's Log4Shell vulnerability.
The CSRB was established by DHS in February this year to investigate major cybersecurity incidents and provide reports with recommendations to improve national cybersecurity.
The incident that the CSRB first investigated was the “nuclear bomb-grade” vulnerability that broke out in Log4j last year.
While there is no indication of a major cyber attack due to the Log4j vulnerability, it will still be “exploited in the next few years,” the report states. Rob Silvers, Deputy Secretary of Homeland Security, also said: “The Log4j vulnerability is one of the most serious software vulnerabilities in history.”
The CSRB board mentioned that, surprisingly, the Log4j vulnerability was less exploited than experts expected.
They also said that there have been no significant Log4j attacks against critical infrastructure systems, although some attacks are not covered in the report.
The board said that future attacks are likely, in large part because Log4j is often embedded in other software as an indirect dependency, making it hard for businesses to discover where it is actually running on their systems.
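The indirect-dependency problem the board describes is why inventories built from top-level package lists miss Log4j. The following added example (written for this article, not taken from the CSRB report or any project) walks a Java archive and every archive bundled inside it, reading log4j-core's own Maven metadata to report copies below a version threshold; the threshold value and the sample jar are assumptions constructed for the demonstration.

```python
import io
import zipfile

# Maven metadata file that log4j-core carries inside its own jar.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# Copies below this version are reported. The threshold is an assumption for
# this example, not a figure from the article; take it from the advisory.
FIXED_VERSION = (2, 17, 1)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")

def parse_version(text):
    """Return the 'version=' value of a pom.properties as a tuple of ints."""
    for line in text.splitlines():
        if line.startswith("version="):
            parts = line[len("version="):].strip().split(".")
            if all(p.isdigit() for p in parts):
                return tuple(int(p) for p in parts)
    return None

def scan_archive_bytes(data, path):
    """Walk one archive and every archive nested inside it; return
    (path, version) for each log4j-core copy below FIXED_VERSION."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip at all: nothing to inspect
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                version = parse_version(zf.read(name).decode("utf-8", "replace"))
                if version and version < FIXED_VERSION:
                    findings.append((path, ".".join(map(str, version))))
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                # Shaded or bundled jar: recurse so indirect copies surface.
                findings.extend(scan_archive_bytes(zf.read(name), path + "!" + name))
    return findings

def build_sample_app_jar(version="2.14.1"):
    """Constructed fixture: an app jar bundling a log4j-core jar plus junk."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\nversion=%s\n" % version)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("lib/log4j-core.jar", inner.getvalue())
        z.writestr("lib/not-really.jar", b"not a zip archive")
    return outer.getvalue()
```

Running `scan_archive_bytes(build_sample_app_jar(), "app.jar")` reports the bundled copy as `app.jar!lib/log4j-core.jar`, the same nested path a real shaded application jar would produce.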
They made some recommendations for mitigating the impact of the Log4j vulnerability and improving cybersecurity in general, including recommending that universities and community colleges make cybersecurity training a required part of computer science degree and certification programs.
According to statistics from Sonatype, the vulnerable version of Log4j still has over 100,000 downloads every weekday on Maven Central.