Log4j Continues Posing Massive Threat
Discovered last month, Log4Shell quickly became infamous as the vulnerability of the year. Although the Apache Foundation released a patch for this vulnerability shortly after its discovery, it continues to pose a huge threat to individuals and organizations.
During the first three weeks of January, Kaspersky products blocked 30,562 attempts to attack users using exploits targeting the Log4Shell vulnerability. Almost 40% of these attempts were detected within the first five days of this month.
If Log4Shell is exploited on a vulnerable server, attackers gain the ability to execute arbitrary code and potentially take full control of the system. This vulnerability has been ranked 10 out of 10 in terms of severity.
Since it was first reported, Kaspersky products have detected and prevented 154,098 attempts to scan and attack devices by targeting the Log4Shell vulnerability. Most of the attacked systems were located in Russia, Brazil and the United States.
Evgeny Lopatin is a security expert at Kaspersky.
“Indeed, we are seeing many attempts to scan the networks for this vulnerability, as well as attacks,” he said. “I’d like to note that these statistics include both attacks and scans. This number of scans indicates not only the ease of exploitation of this vulnerability, but also the fact that the volume of vulnerable software out there is very high.”
Since the statistics included the scans as well, their gradual decline can be explained by two things, Lopatin said. First, users started updating vulnerable software. Second, researchers have already scanned the objects they are interested in and are reducing their activity in this area.
“We can assume that the activity of both researchers and cybercriminals in regards to this vulnerability will continue to decline in 2022, but due to the ease of exploiting Log4Shell and the widespread nature of vulnerable software, the instruments for exploitation of Log4Shell are [here] to stay in the arsenal of cybercriminals for a long time,” he said. “And users who haven’t updated their software and do not use security solutions will continue to be at high risk of attacks.”