Fortinet: Log4j had nearly 50x activity volume of ProxyLogon

Cybersecurity giant Fortinet found that Log4j had nearly 50 times the activity volume of ProxyLogon, based on peak 10-day average volume in the second half of 2021. The finding was part of the company’s FortiGuard Labs Global Threat Landscape Report released this week.

The Fortinet report also spotlighted attacks on Linux systems, many of which come in the form of executable and linkable format (ELF) binaries.

“The rate of new Linux malware signatures in Q4 quadrupled that of Q1 2021 with ELF variant Muhstik, RedXOR malware, and even Log4j being examples of threats targeting Linux. The prevalence of ELF and other Linux malware detections doubled during 2021,” the report explained. 

“This growth in variants and volume suggests that Linux malware is increasingly part of adversaries’ arsenal.”

Threat actors are also evolving their use of botnets beyond DDoS attacks. Instead of being “primarily monolithic,” Fortinet said botnets “are now multipurpose attack vehicles leveraging a variety of more sophisticated attack techniques, including ransomware.” 

“For example, threat actors, including operators of botnets like Mirai, integrated exploits for the Log4j vulnerability into their attack kits. Also, botnet activity was tracked associated with a new variant of the RedXOR malware, which targets Linux systems for data exfiltration. Detections of

Read More: https://www.zdnet.com/article/fortinet-log4j-had-nearly-50x-activity-volume-of-proxylogon/#ftag=RSSbaffb68