Considered one of the largest exploitable vulnerabilities in history, Log4Shell affects many as Log4J is one of the most extensively used logging libraries. An issue that has existed for almost a decade but just recently was discovered, Log4Shell leaves companies vulnerable to the full extent of these attacks. AT&T Alien Labs blogged about the vulnerability back in December 2021, with more technical detail. The AT&T Managed Vulnerability Program (MVP) team helps customers strengthen their cybersecurity posture and resiliency, leaving them better equipped for events like Log4Shell.
Surprising to many, third-party libraries are not solely IT problems but can also impact operational technology (OT) and is needed for many OT functions. Because of that the manufacturing and critical infrastructure community has needed to focus more on addressing threats as they emerge. The Log4J vulnerability and others like it are not going away on their own, so the MVP team is constantly testing, monitoring, and deploying to ensure correct steps are being taken to mitigate future attacks. AT&T MVP’s partner, Tenable, dives deeper in their blog,”5 Steps that the OT Community Should Take Right Now,” focusing on how OT groups avoid ramification, encouraging proactiveness like the solutions provided by AT&T MVP.