Cookies

Cookies help us deliver the best experience on our website. By using our website, you agree to the use of cookies. View our Cookie Policy

One month on is Log4Shell the calm before a Ransomware storm?

07/01/2022

What is it?

Log4Shell is a so-called zero-day vulnerability — named as such since affected organisations have zero days to patch their systems — that allows attackers to remotely run code on vulnerable servers running Log4j, which developers use to keep a record of what’s happening inside an application as it runs. The vulnerability is tracked as CVE-2021-44228 and was given the maximum 10.0 severity rating, meaning attackers can remotely take full control of a vulnerable system over the internet without any interaction from the victim — and it doesn’t require much skill to pull it off.

 

Who’s affected?

Since the news of Log4Shell first broke, the growing number of victims suggests thousands of big-name companies and services are likely affected by the flaw. Many of these companies have been quick to act. The Apache Software Foundation, which maintains the Log4j software, released an emergency security patch, as well as mitigation steps for those unable to update immediately. There are also a number of third-party mitigations available. However, given the wide-ranging nature of Log4Shell, and the likelihood that ransomware will follow, this is likely to be the calm before the storm. Patching or mitigating the vulnerability should be at the top of every security team’s priority list.

 

Insurance

Cyber Insurance remains a key part of any prudent business’s insurance protection. If you don’t have it, you should get cover in place. While cover can protect you from the worst of the financial impact, the specialist response services provided through most high-quality policies is even more important. You must however continue to act as if uninsured by making sure you have requested and installed security patches. Some policies may exclude cover if you fail to do this. Please speak with a member of our team if you want to know more. Please also refer to the information and guidance issued by the National Cyber Security Centre here

Latest News from Vista...

Deal Round - up 2021

Deal Round - up 2021

Project Spark (Flint Global Limited) – Minority Investment

Project Spark (Flint Global Limited) – Minority Investment

One month on is Log4Shell the calm before a Ransomware storm?

One month on is Log4Shell the calm before a Ransomware storm?

Private Equity Deals Round-Up 2021

Private Equity Deals Round-Up 2021

2021 has been another successful and very busy year for the Vista deal team. We have continued to grow and have worked on insurance due diligence for a record number of deals and a much wider variety of transactions than ever before.

View full article »

Vista / YFM Equity Partners - Deal Update

Vista / YFM Equity Partners - Deal Update

The latest deal from our Private Equity team.

View full article »

W&I Insurance - should I consider this on every deal?

W&I Insurance - should I consider this on every deal?

Should you be considering Warranty and Indemnity (W&I) cover on every deal? With increased market choice, lower premiums including much lower minimums, and better coverage than ever before the answer is YES.

View full article »

Cyber attack brings SPAR to a halt

Cyber attack brings SPAR to a halt

Is your business covered for such an incident?

View full article »

Hybrid working – Will businesses see a rise or fall in claims against them?

Hybrid working – Will businesses see a rise or fall in claims against them?

Hybrid working – Will businesses see a rise or fall in claims against them?

View full article »

The real cost of a business cyber attack

The real cost of a business cyber attack

4 in 10 businesses (39%) reported having a cyber security breach in the last 12 months, according to Gov.UK's Cyber Security Breaches Survey 2021.

View full article »

Vista sees turnover increase by over 30% with further growth expected

Vista sees turnover increase by over 30% with further growth expected

Vista Insurance Brokers Ltd. has recorded a 32.7% increase in turnover up from £15.6M to £20.7M, for their annual reporting period to July 2021.

View full article »