Log4Shell Deep Scan Tool honored as Community Winner in the 2022 Difference Makers Awards
“It’s about doing good and doing it exceedingly well.”
This was how Daniel Thanos, Head of Arctic Wolf Labs, described the work of Arctic Wolf Labs when accepting the award for Open-Source Tool Creator of the Year, as voted by the SANS Institute community at the 2022 Difference Makers Awards. This prestigious awards program “honors individuals and teams in the cyber security community who have made a measurable and significant difference in security.”
Arctic Wolf Labs received the award for our Log4Shell Deep Scan Tool. This script — provided for both Windows and macOS/Linux devices — conducts a deep scan of a host’s filesystem to identify Java applications and libraries with vulnerable Log4j code. When it identifies the existence of impacted Log4j code, the script flags it and outputs its location within the host’s filesystem.
The Long Tail of Log4Shell (Log4j)
On Thursday, December 9, 2021, security researchers published proof-of-concept exploit code for CVE-2021-44228, a remote code execution vulnerability in Log4j, a Java logging library used in many internet applications. Also known as Log4Shell, the situation was significant and continues to impact organizations now, over a year later.
In the first 47 days after publishing, Arctic Wolf identified and triaged 29,338 unique incidents of adversarial scanning for CVE-2021-44228 within the environments of 807 of our customers. Both the Arctic Wolf® Security Operations Cloud and Arctic Wolf Concierge Security® Team were able to deliver tailored intelligence and remediation guidance in a rapid response to allow our customers to mitigate the risk caused by the Log4Shell vulnerability.
Over the past 12 months, Log4Shell has come to represent 11% of incident response cases, and threat actors are continuing to attempt to exploit it, making identifying all vulnerable instances of the Log4j library within an organization a crucial ongoing challenge for IT and security teams. But that number could have been much higher had the cybersecurity community not leapt into action to help organizations mitigate and remediate instances of the vulnerability in their environments.
The Log4Shell Deep Scan Tool
“Because this [Java] library goes everywhere, the Labs team recognized we had to build a tool to protect our customer base and our community at large.” – Daniel Thanos
Within days of the proof-of-concept’s publication, the Arctic Wolf Labs team successfully built and deployed the Log4Shell Deep Scan Tool to thousands of organizations worldwide within Arctic Wolf’s customer community. After seeing how effective it was, we made it publicly available on GitHub.
Arctic Wolf’s Log4Shell Deep Scan Tool is still available today and should be used as a complement to the network-based vulnerability scanning solutions that organizations should already have in place. We recommend organizations periodically run this tool on their most critical cyber assets that are publicly exposed, as well as those behind their perimeter.
The Open-Source Tool Creator of the Year Award
According to the SANS Institute, “the SANS Difference Makers Awards shine a light on the cybersecurity practitioners who are leading innovative developments in the industry, who’ve made outstanding security achievements, and who are contributing back to the InfoSec community in ways that deserve recognition.”
With nearly a dozen award categories honoring individuals and organizations across the entire cybersecurity industry, the awards honor “top mentors, content creators, and the most influential champions focused on building the next generation.”
We were proud to have Daniel Thanos, Arctic Wolf’s Vice President of R&D and head of Arctic Wolf Labs, on hand that evening to accept the committee award for Open-Source Tool Creator of the Year.