Much like the lingering symptoms some people experience after COVID, Log4j poses a risk for the foreseeable future. Security professionals agree that even systems that have recovered from the exploit may still face certain risks, even though the exploit is no longer present.
“In February we found that 36% of the 50 organizations analyzed remain vulnerable to the Log4j vulnerability, with specific verticals like retail and healthcare faring well, while universities and financial services fare poorly.” - CQ Prime Threat Research Team
Based on these statistics, even once a globally known vulnerability is disclosed and patched, organizations still suffer from a lack of implementation. This points to one of the largest drawbacks of threat response: even if a potential threat is discovered and a means of protection is created, it all means nothing if the solution is never utilized.
How does Log4j Exploit Testing work?
The main way to figure out whether the Log4j vulnerability is present in an application is to embed a malicious domain lookup request. A vulnerable logging component will then generate a DNS query. That DNS query confirms that the logging component is vulnerable, and security professionals can conclude that there is a high likelihood the vulnerability exists. From there, specialized scanning is required to determine further details about the vulnerability's existence.
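The confirmation step described above, as an added example that is not code from the original page: it matches DNS queries seen on a tester-owned zone against the per-application tokens issued during an authorized test. The zone name, tokens, application names, and log format are constructed assumptions.

```python
import re

# Assumption: the tester controls this zone and can read its resolver query log.
CALLBACK_ZONE = "callback.example.test"
# Constructed: one unique token per application under test.
ISSUED_TOKENS = {"a1f3c9": "billing-api", "7be204": "search-frontend", "c05d7e": "hr-portal"}
# Constructed log lines; assumed format: timestamp, source IP, query type, query name.
SAMPLE_DNS_LOG = """\
2022-02-10T09:14:02Z 203.0.113.17 A a1f3c9.callback.example.test.
2022-02-10T09:14:03Z 203.0.113.17 AAAA A1F3C9.callback.example.test.
2022-02-10T09:15:40Z 198.51.100.8 A www.example.test.
2022-02-10T09:16:11Z 198.51.100.44 A c05d7e.callback.example.test.
2022-02-10T09:17:00Z 198.51.100.9 A ffffff.callback.example.test.
malformed line
"""
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def correlate(dns_log, tokens, zone=CALLBACK_ZONE):
    """Return (hits, unknown): hits maps app -> [(timestamp, source_ip)],
    unknown lists labels queried under the zone that were never issued."""
    suffix = "." + zone.lower()
    hits, unknown = {}, []
    for line in dns_log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        ts, src, _qtype, qname = m.groups()
        # DNS names are case-insensitive and may carry a trailing dot.
        qname = qname.lower().rstrip(".")
        if not qname.endswith(suffix):
            continue  # unrelated to the test zone
        label = qname[: -len(suffix)].split(".")[-1]  # label next to the zone
        app = tokens.get(label)
        if app is None:
            unknown.append(label)  # stray query: do not attribute it to any app
        else:
            hits.setdefault(app, []).append((ts, src))
    return hits, unknown


def report(tokens, hits):
    """A callback means 'likely vulnerable'; silence is not proof of safety,
    since outbound DNS may simply be filtered."""
    return {app: "likely vulnerable" if app in hits else "no callback observed"
            for app in tokens.values()}
```

Applications reported as likely vulnerable still need the follow-up scanning the text mentions, because the DNS query only shows that the lookup was evaluated.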