Log4j flaw: Nearly half of corporate networks have been targeted by attackers trying to use this vulnerability

The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow.

The vulnerability (CVE-2021-44228) was publicly disclosed on December 9 and enables remote code execution and access to servers. What makes it such a major issue is that Log4j is widely used in commonly deployed enterprise systems.

In some cases, organisations may not even be aware that the Java logging library forms part of the applications they’re using, meaning they could be vulnerable without knowing it. Online attackers have been quick to take advantage of the vulnerability, which is also known as Log4Shell.

There was evidence of attackers scanning for vulnerable systems and dropping malware just hours after the Log4j flaw was publicly disclosed.

At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups,” said cybersecurity company Check Point.

And according to Check Point, attackers have now attempted to exploit the flaw on over 40 percent of global

Read More: https://www.zdnet.com/article/log4j-flaw-nearly-half-of-corporate-networks-have-been-targeted-by-attackers-trying-to-use-this-vulnerability/#ftag=RSSbaffb68