MyCena, Author at MyCena® - Page 19 of 44

BLOG

Read our blog articles, product news and announcements.

In December, a vulnerability in the open-source Apache logging framework Log4j led to security teams across the globe rushing to secure and patch their systems. Log4j is so widely used that Jen Easterly, director at the Cybersecurity and Infrastructure Security Agency, called it the most serious security flaw she’d seen in her career, warning that businesses everywhere should make securing their systems against the vulnerability an urgent priority. As Log4j is an embedded Java logging library present in thousands of software products, security teams must write their own patches. The flaw, named Log4Shell, allows malicious Java code to be logged, granting bad actors access to the system in question. Significant attacks taking advantage of the vulnerability have been seen already, with ransomware gang NightSky targeting companies through VMware Horizon systems, which use the Log4j framework. There have been reports of ransom demands of up to $800,000, demonstrating how severe the damage could be if left unpatched.

We are using more technology than ever. That’s especially true for corporates, with connected servers, databases, and services key to business in 2022 – and attackers know this. Ransomware attacks have skyrocketed, with businesses acutely aware of the constant threat of leaked passwords and security vulnerabilities. Omnichannel retail also needs to take extra care, with attackers looking to exploit the massive number of APIs companies use to connect their omnichannel services. When attackers know that one successful hack can infect thousands of systems down the line, the stakes are high – and companies should take extreme precautions, segmenting networks and decentralising passwords as a high priority.

On 04 January, a leading provider of school websites was hit by a massive ransomware attack. The provider, Finalsite, manages content, communications, mobile apps and enrolment for over 8,000 schools. It was forced to take its services offline while it addressed the hack. Security staff first noticed the attack in certain corporate systems and quickly set to work restoring services and corporate networks. Most school services were restored within a week of the attack, and Finalsite has still found no evidence that customer data was stolen. This is the latest of many attacks on service providers, in turn disrupting the systems of thousands of customers.

The FBI’s Internet Crime Complaint Center received 300,000 more reports in 2021 than in 2020. As if that wasn’t startling enough, the losses reported totalled more than $4 billion. To protect against losses, companies have relied on cyber insurance. However, with cyber attacks increasing in volume, cost and severity, many insurers have now altered – or completely removed – their coverage options. Insurers have become extremely risk-averse, with Lloyd’s of London one of many to recently reduce their cyber coverage. For those that do manage to find an insurer, there will be increased costs, less comprehensive coverage, and more burden of proof that any incidents were not the fault of the victim.

Microsoft has been the architect of its own issues over the last month, with two security patches causing more problems than they fixed. In one patch, users were able to bypass a previously closed flaw to elevate their access privileges. The flaw was discovered by a security researcher in late November. It applies to both Windows 10 and Windows 11 users, and Microsoft is aware of the ongoing issue, with an update in the pipeline to fix the weakness. By releasing the patch, Microsoft actually made Windows more open to attack – hopefully the next one will be more successful.

One of the world’s premier insurance companies, Lloyd’s of London, has announced that it will no longer pay out on damages from nation-state cyberattacks. Lloyd’s cyber insurance products used to cover most damages occurring from cyberattacks. In the announcement, Lloyd’s said that damages coming from “cyber war between two nations” would not be covered, although this left plenty open to interpretation. The decision comes after Lloyd’s had already increased cyber insurance premiums due to the ongoing ransomware wave, and is a signal that they may be expecting more in the future.