The Log4j vulnerability is still being firmly exploited worldwide. Kaspersky reports that in the first three weeks of January, 30,562 attempts worldwide to attack users with exploits targeting Log4Shell were blocked by Kaspersky products.
Cybercriminals are trying to further exploit the Log4Shell vulnerability in the new year. Indeed, Kaspersky detected more than 30,000 attempts to attack users via Log4Shell during the first weeks of January. The company reported that in a press release.
In early December, a serious zero day vulnerability was discovered in the popular logging library Apache Log4j. Since then, the Apache Software Foundation released a security patch several times to plug the vulnerability. Even then, developers still manage to download a vulnerable version of Log4j.
High marks
The vulnerability is particularly dangerous to users and thus very attractive to cybercriminals. Once they manage to exploit the vulnerability, the consequences can go as far as giving attackers complete control over a victim’s system.
Since Log4Shell was discovered, Kaspersky products stopped 154,098 exploitation attempts. Jornt van der Wiel, senior security researcher with Kaspersky’s Global Research and Analysis Team, clarifies who is behind the attacks, “The vulnerability is being exploited by both sophisticated criminals targeting specific organizations as well as opportunists simply looking for vulnerable systems to attack.”
“We therefore advise everyone to install security patches as soon as possible and also to install a good security solution that prevents the vulnerabilities from being exploited.” The most recent version of the log library can be found here.
read also