Log4Shell threat remains extremely high - Barracuda
The quantity of cyber attacks targeting the Log4Shell complex of vulnerabilities in Log4j still remains extremely high, according to Barracuda Networks.
New Threat Spotlight analysis from cloud-enabled security solutions provider Barracuda Networks says that while the Log4Shell vulnerabilities have now been around for more than two months, the volume of attacks attempting to exploit these vulnerabilities has remained relatively constant, with a few dips and spikes, over the past two months.
It is predicted that this attack pattern will continue, given the popularity of the software, the exploitability of the vulnerability, and the payoff when a compromise happens.
Geographically, Barracuda Networks uncovered that 83 per cent of the attacks on their systems came from IP addresses in the United States, with 50 per cent being associated with Amazon Web Services and other large data centers.
Threats analysed also came from Japan, Germany, the Netherlands, and Russia.
The UK National Cyber Security Centre have previously advised individuals and businesses to be wary of the threat and to ensure all devices are regularly updated.
Log4j, the software affected by Log4Shell, is a Java-based error logging audit framework which is an Apache project, and is utilised by many major organisations such as Apple, Amazon and Twitter. Hackers can breach devices running vulnerable versions to break into IT systems and steal passwords, extract data and infect networks with malicious software.
Researchers at Barracuda Networks found a variety of threats ranging from videos of Rick Astley's Never Gonna Give You Up, cryptocurrency mining payloads, and Distributed Denial of Service (DDoS) malware. They predict that threat actors are working to build out a large botnet and there should be an expectation of large DDoS attacks in the near future.
"Due to the growing number of vulnerabilities found in web applications, it is getting progressively more complex to guard against attacks," said Tushar Richabadas, product marketing manager, Barracuda Networks.
"The best way to protect against Log4Shell specifically is to upgrade to the latest version of Log4j. Maintaining up-to-date software and libraries helps ensure that vulnerabilities are patched in a timely manner," he said.
"All-in-one solutions are now available to protect your web applications from being exploited at the hands of these vulnerabilities," added Richabadas.
"Web Application Firewall and WAF-as-a-service solutions, also known as Web Application and API Protection (WAAP) services, can help to protect web applications by providing the latest security solutions in one easy-to-use location."
Earlier this year, Imperva Research Labs said the Log4Shell zero day vulnerability is "truly one of the most significant security threats of the past decade" and its effects will be felt far into 2022 and beyond.
Imperva had released its analysis of recent Log4j related vulnerabilities including attack patterns, payloads and bypass techniques.
The company observed more than 102 million exploitation attempts since the disclosure on December 9. In the first 10 days, Imperva observed almost 1.3 million exploit attempts per hour.
According to the research, commonly targeted industries are financial services (29.6%), food and beverages (12.4%) and computing and IT (10.4%). Attackers largely used a "spray and pray" approach to the exploitation of this vulnerability.