<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1354242&amp;fmt=gif">

Available Now: Log4j Vulnerability Discovery with Tools from Corvus and CrowdStrike

Today we’re inviting all Corvus policyholders to request a scan to help determine if they are vulnerable to attacks on the Log4j zero-day vulnerability. We’re advising policyholders to use our remote scan in conjunction with the free targeted search tool developed by CrowdStrike for a complete solution to locating vulnerable software on their systems.

In the weeks since the discovery of CVE-2021-44228, a vulnerability in the common Log4j Java utility package, there has thankfully been little fallout — especially considering that all signs pointed to one of the worst vulnerabilities of the decade. At Corvus, related claims activity has been negligible. We thank the many policyholders we contacted regarding the issue who were able to patch their systems quickly, and our broker partners who helped in conveying the urgency of the situation to their clients. 

Given its unusual severity, however, the Log4j vulnerability (also known as “log4shell”) will remain a threat as long as there are vulnerable systems. We anticipate continued attempts by cybercriminals to locate and exploit Log4j to gain access to environments, to escalate privileges within an environment, and ultimately to remotely execute malicious code across the environment. In supporting our policyholders throughout the rapid response of Log4j, it became clear that many organizations are still struggling to gain confidence that they have fully identified and patched vulnerable systems.

The Corvus Log4j Remote Scan Tool 

That is why the Corvus Data Science and Product teams have developed a new tool modeled on the best open source scanning tools and made it available to our policyholders. This takes the complexity out of having to figure out how to run the scan yourself and instead allows Corvus to support the identification of potentially vulnerable systems. Our Log4j scan allows Corvus to remotely scan environments for those who request it in order to determine whether the Log4j vulnerability is still present on externally accessible systems. 

Our Risk + Response team will work with you to schedule the scan and deliver you the results along with guidance on further action based on the results of the scan. 

Complete Your Checkup with CrowdStrike

While the Corvus Log4j Vulnerability scan will help identify potentially vulnerable external systems, there are still internal systems and applications that may be vulnerable. To allow our policyholders to gain complete visibility into our environments, we looked to our friends at CrowdStrike, frequent collaborators with Corvus on breach response efforts.

The CrowdStrike Archive Scan Tool (or “CAST”) performs a scan of internal systems to look for applications running versions of Log4j. It helps organizations find any version of the affected Log4j library anywhere on disk, even if it is deeply nested in multiple levels of archive files.

We recommend reviewing CrowdStrike’s blog post about CAST to get familiar with the tool’s specific capabilities and find out what to expect from the results readout. CrowdStrike also has a prolific set of resources about log4j that can be found at their Log4j/Log4shell Vulnerability Learning Center, which we recommend to anyone trying to understand the situation better. 

The Corvus Mission: #SaferWorld

We believe that security starts with gaining full visibility into your environment. With the Corvus Remote Log4j vulnerability scan and the CrowdStrike Archive Scan Tool, Corvus policyholders can feel safer knowing that they have done their due diligence in identifying vulnerable systems and applications.

About Corvus Insurance

Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., is building a safer world through insurance products that help to reduce cyber risk for policyholders. Corvus Insurance's Smart Cyber Insurance® and Smart Tech E+O® products include broad coverage, in-house claims handling, and risk prevention services that help prevent cyberattacks through threat alerts for policyholders and the partnership of our in-house cybersecurity experts. 

Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. For more information, visit corvusinsurance.com.

 

Contact:

Kerry Pillion

kpillion@corvusinsurance.com

Recent Articles

Attackers Targeting VPNs Account for 28 Percent of Ransomware Incidents in Q3 According to Corvus Insurance Cyber Threat Report


Established groups dominated ransomware activity for Q3 2024, including RansomHub, PLAY, and LockBit 3.0. Read the full press release here.

Global Ransomware Attacks, Demands and Payments Rose in Second Quarter According to Corvus Insurance Cyber Threat Report


Q2 2024 Sets Record for Second Most Global Ransomware Attacks in a Quarter, Average Ransom Demand Soars by 102%. Keep reading to learn more.

Corvus Insurance Doubles Underwriting Offering, Expands Small Business Cyber Offering


Full transition to Travelers Excess and Surplus Lines paper completed.