Contrast Security Explains the Log4j Attack Impact on Global Enterprises
LOS ALTOS, Calif., Dec. 21, 2021 /PRNewswire/ -- Contrast Security, the leader in next-gen code security, today shared information on how Log4j, the most popular piece of free, open-source Java software used by developers worldwide, will continue to impact major organizations around the globe, including Apple, Tesla, Microsoft, and government agencies, for the foreseeable future.
“This is the most severe software vulnerability we have ever seen. It is incredibly widespread and extremely easy for hackers to exploit,” said Arshan Dabirsiaghi, Chief Scientist and Co-founder at Contrast Security.
As an expert organization in testing and protecting third-party open-source code moving through the software supply chain, Contrast, along with expert researchers, has established that the Log4j attacks are now being weaponized for ransomware and data theft. Even self-replicating worms and bots are now known to exist.
Organizations are rushing to plug the hole, but progress has been slow. Several fixes have also been issued by Apache but found to be incomplete – setting the process back each time. Security research teams are starting to see disruption of service and confirmed hacks, including of the Canadian and Belgian governments. In addition to confirmed hacks, organizations are choosing to take down websites and services to minimize their exposure.
Contrast has been able to protect global enterprises and Fortune 500 customers from Log4j since internal data showed that attacks were on the rise as early as November 24th – long before the vulnerability was publicly disclosed. Customers’ applications are protected with Contrast Protect as it defends applications against the underlying vulnerability with sandboxes that separate exploitable operations from exploiting targets. This immediate protection allows customers to schedule permanent fixes without being exposed. Contrast Customer Success and Service teams have also been working 24/7 with SecDevOps teams and developers to protect vulnerable applications or Java application portfolios.
“At Contrast Security, we help protect companies from this type of attack, and we’re protecting our customers from the start,” said Steve Wilson, Chief Product Officer at Contrast Security. “As we reviewed our own internal data, we saw a dramatic uptick in attacks of this type starting two weeks before this problem became common knowledge. This means networks at many organizations are already compromised. However, the way Contrast customers were able to respond to the Log4j vulnerability because of Contrast Protect and the Contrast Code Security Platform was amazing.”
To learn more about how Contrast can protect Java applications against exploits like Log4j, please visit our website.
About Contrast Security:
Contrast Security secures the code that the world economy relies on. It is the industry’s most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprises to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world’s largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.
SOURCE Contrast Security