Log4shell – the vulnerability that is inside many software packages – just ask VMware – is here to stay

The SolarWinds attack, in which the threat actors got inside SolarWinds’ systems and added their malicious code to a legitimate software update, so that SolarWinds itself distributed the malware to many of its high- and low-profile customers around the world, seems a long time ago now. But at least in that case the software issue was inside SolarWinds and could be fixed.

The Log4shell (log4j) vulnerability is different. It impacts a popular logging framework that has been used many, many times by developers and is inside countless pieces of code from both large vendors and small developers. Developers have been fixing it – where possible – but the attacks continue, with even the big vendors missing things:

Cisco: Log4j vulnerability used to attack energy companies in Canada, US and Japan – The Record by Recorded Future

So have you had code written for you?

Is it impacted by log4j/Log4shell?

Have you or your cyber security consultant asked the question of the developers?

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

SolarWinds hack explained: Everything you need to know (techtarget.com)

Log4j and Log4Shell posts at Smart Thinking Solutions

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.