Healthcare Needs Active Defense

“We do expect Log4Shell to be used in intrusions well into the future,” CISA Director Jen Easterly

In December 2021, over 100 ClearDATA clients were attacked via Log4j putting over 550 mission-critical workloads at risk. The initial Log4j alert was only the start; vulnerabilities continued to be identified after the initial alert and continue today. Those clients and their workloads are protected by ClearDATA using our intelligence-driven incident response approach to security.

A summary of the first two weeks of Log4j:

DateFindings
Dec 10, 2021ClearDATA became aware of a new critical zero-day vulnerability impacting multiple versions of the widely utilized Apache Log4j 2 logging library. This specific vulnerability has been assigned CVE-2021-44228 and is also commonly being referred to as “Log4Shell”.  The public disclosure revealed that, if exploited, the Log4j2 vulnerability could result in Remote Code Execution (RCE) on affected installations.
Since becoming aware of this vulnerability ClearDATA has been diligently working with our security partners to ensure that all customer environments are protected from exploitation.
Dec 15, 2021ClearDATA became aware of a new vulnerability, CVE-2021-45046, in Apache Log4j that bypasses the security issues fixed in Log4j version 2.15. This vulnerability allows attackers to craft malicious input data using jndi lookup patterns, causing a denial of service (DOS).
Dec 21, 2021ClearDATA became aware of a new vulnerability, CVE-2021-45105, in Apache Log4j that bypasses the security issues fixed in Log4j version 2.16. This allows an attacker with control over Thread Context Map data to cause a denial of service (DOS) when a crafted string causes a recursive lookup.

Between December 2021 and January 2022, ClearDATA defended over 3.9 million attacks with an 110x increase in attack frequency.

Active Defense: The ClearDATA difference

Active Defense is the result of ClearDATA incorporating insights and lessons learned from each incident into its processes. Unlike other vendors who only eradicate a single issue and move on, ClearDATA converts the information to intelligence and incorporates the intelligence into operations. Integrated into the ClearDATA Policy-as-Code engine, new insights – whether an indicator or a technical bit of information – are fed back into the security systems to make them stronger.

Detection: The Power of Reactive + Predictive

ClearDATA’s Active Defense model focuses on denial and disruption of attacker tempo that minimizes the long-term viability of L4j vulnerabilities and attacker assets. ClearDATA predictive investigations accounted for 90.3% of all recorded LJ4 block events, while vendor-provided rules accounted for the remaining 9.7% of all Log4j blocked events.

ClearDATA’s Managed Defense Never Rests

ClearDATA has seen over a 100% increase in threats since mid-December 2021.  While Log4j remains a threat as hackers continue to target unpatched systems, geo tensions are escalating. Healthcare organizations are bracing for targeting by cybercrime groups with ties to Russia.  Evolving intelligence indicates that the Russian Government is actively exploring options for potential cyberattacks. ClearDATA is ready to support healthcare organizations and applications —large and small—to be prepared to respond to disruptive cyber incidents.

If you would like to learn more about how ClearDATA Managed Defense protects healthcare organizations from cyberthreats and improves the security of hundreds of customers, speak with a healthcare CyberHealth™ expert today.

(C) 2022 ClearDATA

Thank you for subscribing!