The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow.
The vulnerability (CVE-2021-44228) was publicly disclosed on December 9 and enables remote code execution and access to servers. What makes it such a major issue is Log4j is widely used in commonly deployed enterprise systems.
In some cases, organisations may not even be aware that the Java logging library forms part of the applications they’re using, meaning they could be vulnerable without knowing it. Online attackers have been quick to take advantage of the vulnerability – also known as Log4Shell – as soon as they can.
At that point it was reported that were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups,” said cybersecurity company Check Point.
SEE: A winning strategy for cybersecurity (ZDNet special report)
And according Check Point, attackers have now attempted to exploit the flaw on over 40 percent of global networks.
The number of successful exploits is likely to be much lower, but the figure shows that there are those out there who are looking to try their luck against a new – and potentially difficult to patch – vulnerability.
“Unlike other major cyber-attacks that involve one or a limited number of software, Log4j is basically embedded in every Java based product or web service. It is very difficult to manually remediate it,” Check Point said in a blog post.
Some of the attacks launched by exploiting the Log4j vulnerability include delivering cryptomining malware, as long with delivering Cobalt Strike, a legitimate penetration testing tool which cyber criminals have been known to use to steal usernames and passwords to gain further access to networks.
National cybersecurity bodies around the world have been quick to issue warnings as to how dangerous Log4j could be.
Jen Easterly, director of CISA described the Log4J vulnerability as “one of the most serious that I’ve seen in my entire career, if not the most serious”.
Meanwhile, the UK’s National Cyber Security Centre (NCSC) has urged organisations to install the latest updates wherever Log4j is known to be used.
“The key step for organisations is to patch enterprise software quickly, and for developers using Log4j to update and distribute their software as soon as possible,” said an NCSC spokesperson in an email to ZDNet.
“For the public it’s important to keep updating devices as developers’ understanding of the vulnerability grows,” they added.
MORE ON CYBERSECURITY