Following the news that the China-backed APT41 hacking group has compromised at least six US state governments by exploiting the Log4j vulnerability, cyber security experts have commented below.

Expert Comments

March 09, 2022
Brian Fox
CTO and co-founder
Sonatype

The news of China’s APT41 hacking group breaching U.S. state government networks tracks with the typical time lapse we see with zero-day vulnerabilities like Log4Shell. The Equifax breach, which was similar in nature, took around five months to clear the airwaves from the initial exploit. So, from a historical perspective this isn’t surprising: a high-spread, low-complex vulnerability equals a 100 percent chance of being used.

What is more surprising and even more concerning is our data shows that nearly 40% of Log4Shell downloads are still of vulnerable versions. Meaning there’s a high chance that other state and national governments — not just in the U.S. — will be breached in the coming months by bad actors. What I advise now is what I’ve advocated for a long time: urge your software vendors to create and continuously update a software bill of materials and invest in a tool that includes software composition analysis (SCA). SCA provides a look at all the components in a project and determines the potential risk. These tools should be automated to monitor components across the entire Software Development Lifecycle.
