- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Type of Threat or Opportunity >
- Trend snippet: Software supply chain attacks remain a major problem in 2021 cybersecurity
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Software supply chain attacks remain a major problem in 2021 cybersecurity
Just when we thought we had finished summarizing the Supply Chain landscape for 2021, the Log4j zero-day vulnerability was exposed. The Apache logging package Log4j is the most popular Java logging library with over 400,000 daily downloads, and is incorporated into millions of Java-based applications worldwide. Companies using Log4j as a logging package include Cisco, Twitter, Cloudflare, Tesla, Amazon, Apple and more. The Log4j package logs error messages; according to the Apache Foundation advisory, an attacker who can control log messages or their parameters could execute arbitrary code from an external server via multiple protocols when message lookup substitution is enabled. Only a single string of text is needed to exploit the flaw.
Since its discovery on December 9, the ‘Log4Shell’ flaw, has been actively exploited in the wild. The vulnerability, assigned CVE-2021- 44228, could allow an unauthenticated attacker to execute malicious code or take over any system that uses the vulnerable version of an open-source library. Unsurprisingly, it scored a perfect 10 out of 10 in the CVSS rating system.
Due to the scale of the distribution of the library, Log4Shell is referred to as the most critical vulnerability of 2021, with the full scope of the damage yet to be determined. The Apache Foundation released a patch for the RCE vulnerability, but nevertheless, mass scanning of vulnerable servers has been observed by multiple security vendors. The exploit rate of the Log4j flaw has been unusually high since shortly after its exposure. Check Point Research detected approximately 40,000 attack attempts 2 hours after the Log4j vulnerability was revealed and 830,000 attack attempts 72 hours into the event.
The vulnerability could potentially allow threat actors to access any system using the library, including systems that are used to manage client networks and resources.
The potential damage that could be caused by this one vulnerability in an open source library demonstrates the immense risk posed by software supply chains, especially in cases where an underfunded project, run by several part-time volunteers, is a key component that thousands of multi-million computer systems rely on worldwide.