Log4Shell – The call is coming from inside the house

On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability in the Log4j logging library, assigned a severity of 10 (the highest possible risk score).

We previously documented that there is no known risk to customers from our products and services, and published a technical advisory with an overview and specific examples of attacks from our telemetry. In this blog post, we will discuss attempted attacks exploiting the Log4j vulnerability, the countries these attacks originate from, and where the victims are located.

We are presenting the following data from our honeypot network, together with data from our telemetry from hundreds of millions of endpoints. When we started analyzing this data, we were surprised to see a very different picture than we were expecting, with western countries listed as the top sources of attacks, including Germany, the United States and the Netherlands.

Our first thought was that these countries are known for hosting infrastructure-as-a-service data centers, and many of these attacks are probably coming from ephemeral virtual machines. We started looking at AWS/Azure/GCP regions and source addresses, but only a small percentage of these attacks originated from these cloud providers.
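The check described above, attributing honeypot hits to source countries and then testing how many of the source addresses fall inside cloud provider address blocks, is straightforward to reproduce. The following is an added example and is not Bitdefender's code: the CIDR blocks, the provider names as keys, and the honeypot hits are all constructed placeholders (real provider ranges would be loaded from the providers' published range lists, and the country would come from a GeoIP lookup rather than being embedded).

```python
import ipaddress
from collections import Counter

# Constructed placeholder cloud ranges (TEST-NET addresses, not real allocations).
# In practice these would be loaded from each provider's published range list.
CLOUD_RANGES = {
    "aws": [ipaddress.ip_network("203.0.113.0/25")],
    "azure": [ipaddress.ip_network("198.51.100.0/26")],
    "gcp": [ipaddress.ip_network("192.0.2.128/25")],
}

# Constructed honeypot hits as (source_ip, country). The country would normally
# come from a GeoIP database; it is embedded here so the example runs offline.
SAMPLE_HITS = [
    ("203.0.113.10", "US"),   # inside the placeholder "aws" block
    ("203.0.113.200", "US"),
    ("203.0.113.201", "US"),
    ("198.51.100.5", "NL"),   # inside the placeholder "azure" block
    ("198.51.100.100", "NL"),
    ("192.0.2.200", "DE"),    # inside the placeholder "gcp" block
    ("192.0.2.5", "DE"),
    ("192.0.2.6", "DE"),
    ("192.0.2.7", "DE"),
    ("198.51.100.101", "US"),
]


def cloud_provider(ip_str):
    """Return the provider whose block contains ip_str, or None if no block matches."""
    ip = ipaddress.ip_address(ip_str)
    for provider, nets in CLOUD_RANGES.items():
        if any(ip in net for net in nets):
            return provider
    return None


def summarize(hits):
    """Count hits per source country and per cloud provider, and compute the
    share of hits whose source address sits inside a known cloud block."""
    by_country = Counter()
    cloud_by_country = Counter()
    by_provider = Counter()
    for ip, country in hits:
        by_country[country] += 1
        provider = cloud_provider(ip)
        if provider is not None:
            cloud_by_country[country] += 1
            by_provider[provider] += 1
    total = len(hits)
    cloud_total = sum(by_provider.values())
    return {
        "total": total,
        "by_country": dict(by_country),
        "cloud_by_country": dict(cloud_by_country),
        "by_provider": dict(by_provider),
        # Fraction of all hits that came from a cloud provider block.
        "cloud_share": cloud_total / total if total else 0.0,
        # Countries ranked by number of hits, most active first.
        "top_countries": by_country.most_common(),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_HITS)
    for country, count in summary["top_countries"]:
        cloud = summary["cloud_by_country"].get(country, 0)
        print(f"{country}: {count} hits, {cloud} from cloud blocks")
    print(f"cloud share: {summary['cloud_share']:.0%}")
```

On the constructed sample, three of the ten hits come from the placeholder cloud blocks, so the cloud share is 30% while Germany and the United States top the per-country ranking; the same split is what distinguishes "attacks launched from rented cloud capacity" from "attacks launched from other hosts in that country" on real telemetry.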

Then, our researchers continued with more thorough investigation, and we identified

Read More: https://businessinsights.bitdefender.com/log4shell-the-call-is-coming-from-inside-the-house