Log4Shell exploitation isn’t over

By Staff Writer, ITWeb
Johannesburg, 08 Feb 2022

The Log4j or Log4Shell vulnerability continues to pose a huge threat to individuals and businesses alike. During the first three weeks of January, Kaspersky blocked 30 562 attempts to use this exploit.

The threat is a software vulnerability in Apache Log4j 2, a popular Java library for logging error messages in applications. Published as CVE-2021-44228, Log4Shell is a remote code execution vulnerability, meaning that if it is exploited on a vulnerable server, hackers can execute arbitrary code and potentially take control of the system.

This CVE was ranked a 10 out of 10 in terms of severity.

The flaw was discovered in December last year and quickly became infamous as the vulnerability of the year. The Apache Foundation released a patch for this CVE shortly after it was found, but unfortunately it takes weeks or months for vendors to update their software.

According to Kaspersky, Log4Shell is popular with attackers because it enables them to gain complete control over the victim’s system and is easy to exploit.

Since it was first reported, Kaspersky products have detected and prevented 154 098 attempts to scan and attack devices by targeting the vulnerability. Most of the attacked systems were located in Russia (13%), Brazil (8.97%) and the USA (7.36%).

Evgeny Lopatin, a security expert at Kaspersky, says the company has noticed far fewer scans and attempted attacks using this vulnerability than there were in the first weeks after it was discovered.

“Still, attempts to exploit this vulnerability are here to stay. As our telemetry shows, cyber criminals continue their extensive mass scanning activities and make attempts to leverage the exploitable code,” he adds.

Log4Shell is being exploited by both advanced threat actors who target specific organisations and opportunistic ones who are simply looking for any vulnerable systems to attack.

“We urge everyone who has not yet done so to patch up and use a strong security solution to keep themselves protected,” he adds.

To protect against this threat, Kaspersky experts recommend installing the most recent version of the library, which can be downloaded from the project page. Anyone using the library as part of a third-party product will need to monitor for and promptly install updates from the software provider.
