Level 10 critical severity Log4J vulnerability announced; Nobelium evolution; and Emotet resurgence suggests impending ransomware attacks
Posted by: GuidePoint Security
Published 12/16/21, 9:30am
The latest in cybersecurity news
This week we discuss the Log4j vulnerability, a critical flaw in a logging library embedded in millions of applications and affecting businesses around the world. We also review the latest activities of the Nobelium gang, notorious for the SolarWinds attack one year ago. And we discuss the latest TTPs used by the Emotet gang as they revamp their botnet to deliver ransomware.
- Critical RCE vulnerability in Apache Log4j, rated 10.0 (the maximum) on the CVSS severity scale
- Nobelium gang malware evolves one year after SolarWinds
- Emotet goes for the jugular; skips trojan payload in favor of direct Cobalt Strike installation
Cybersecurity news final thoughts: The importance of protecting the fragile supply chain
All three stories in this week’s cybersecurity news highlight the fragility of the software supply chain and how one piece of vulnerable code or an attack on a single application or business can send shockwaves around the world. (To learn more about dangers to the supply chain, check our video The Brickhouse—Supply Chain Risks.)
The Log4j vulnerability is a classic example of the challenge developers and security practitioners face when a flaw becomes public before a patch is in everyone's hands. Log4j 2 resolves JNDI lookups embedded in the strings it logs, so an attacker who can get a crafted string into any log line can trigger remote code execution (tracked as CVE-2021-44228, widely known as Log4Shell). By all accounts the Log4j maintainers at the Apache Software Foundation had been working on a fix since being alerted in late November, yet a public proof-of-concept exploit appeared on December 9, a day before the patched release (Log4j 2.15.0) shipped, giving attackers the opportunity to exploit the flaw at scale within hours.
An organization's software supply chain greatly expands its attack surface. To maintain the safety and security of the business and protect critical infrastructure areas, it is essential for organizations to take the necessary steps to mitigate the risks associated with the software supply chain, including:
- Integrating supply chain risk management across the enterprise.
- Creating a formal supply chain risk management plan and program.
- Understanding the enterprise cyber supply chain and identifying and documenting all staff, contractors, vendors, and suppliers with system access.
- Maintaining a software bill of materials (SBOM), an inventory of every component in an application, including third-party and transitive dependencies, so that a newly disclosed flaw in a library such as Log4j can be located across the estate quickly.
- Assessing and monitoring all cyber supply chain relationships.
- Applying identity and access management (IAM) solutions and best practices.
- Implementing zero trust architectures.
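As an added worked example (not part of the original post, and not GuidePoint's or Apache's code), here is how the SBOM item above pays off in practice for the Log4j story: a Python script that walks a CycloneDX-style SBOM, finds every log4j-core component, including copies nested inside bundled applications, and compares each version against a minimum safe release. The SBOM it reads is constructed inline for the example. The threshold defaults to 2.15.0, the release that carried the initial fix for CVE-2021-44228; later 2.x releases addressed follow-on issues, so set it to whatever the current advisory requires. That a single lower bound is enough is an assumption of this script; back-ported fixes for older Java runtimes would need an explicit allow-list.

```python
"""Query a CycloneDX-style SBOM for vulnerable Log4j 2 components.

Added example: given an SBOM, find every log4j-core component (including
ones nested inside other components) and compare its version against a
minimum safe version.  The sample SBOM below is constructed for this
example and does not describe a real application.
"""
import json
import re

# Maven coordinates of the affected library (Log4j 2.x core).
LOG4J2_GROUP = "org.apache.logging.log4j"
LOG4J2_CORE = "log4j-core"

# Initial fix for CVE-2021-44228 shipped in log4j-core 2.15.0; later 2.x
# releases addressed follow-on issues, so callers should pass the threshold
# their current advisory requires (assumption: a single lower bound suffices).
DEFAULT_MIN_SAFE = "2.15.0"

# Accepts "2.14.1", "2.0", and pre-releases such as "2.0-beta9" / "2.0-rc1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d*))?$", re.I)
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}


def parse_version(text):
    """Return a tuple that sorts pre-releases before the final release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch, pre, pre_num = m.groups()
    numeric = (int(major), int(minor), int(patch or 0))
    if pre:
        return numeric + (0, _PRE_RANK[pre.lower()], int(pre_num or 0))
    return numeric + (1, 0, 0)


def find_log4j_core(sbom_json, min_safe=DEFAULT_MIN_SAFE):
    """Walk the SBOM's component tree and report every log4j-core instance."""
    sbom = json.loads(sbom_json)
    threshold = parse_version(min_safe)
    hits = []

    def walk(components, path):
        for comp in components:
            coord = f"{comp.get('group', '')}:{comp.get('name', '')}@{comp.get('version', '')}"
            here = path + [coord]
            if comp.get("group") == LOG4J2_GROUP and comp.get("name") == LOG4J2_CORE:
                version = comp.get("version", "")
                hits.append({
                    "version": version,
                    "vulnerable": parse_version(version) < threshold,
                    "path": " -> ".join(here),
                })
            # CycloneDX allows components to carry their own nested components.
            walk(comp.get("components", []), here)

    walk(sbom.get("components", []), [])
    return hits


# Constructed sample SBOM (minimal CycloneDX JSON shape), not a real inventory.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.14.1"},
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-api", "version": "2.14.1"},
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.16.0"},
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.0-beta9"},
        # Log4j 1.x lives under different coordinates and is not scored here.
        {"type": "library", "group": "log4j", "name": "log4j", "version": "1.2.17"},
        # A vendored application bundling its own copy of log4j-core.
        {"type": "application", "group": "com.example", "name": "reporting-service",
         "version": "3.1.0", "components": [
             {"type": "library", "group": "org.apache.logging.log4j",
              "name": "log4j-core", "version": "2.13.3"},
         ]},
    ],
})


if __name__ == "__main__":
    for hit in find_log4j_core(SAMPLE_SBOM):
        status = "VULNERABLE" if hit["vulnerable"] else "ok"
        print(f"{status:10} {hit['path']}")
```

Run it directly to print one line per log4j-core instance with its location in the component tree. Log4j 1.x sits under different Maven coordinates (group `log4j`), is end-of-life, and is deliberately not scored against the 2.x threshold; the version parser raises on strings it cannot order, such as `latest`, rather than silently treating them as safe.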
Staying one step ahead of hackers takes time, patience and commitment, and organizations will get out of it what they put into it.