Date: 2021-12-21

We have already covered the serious Log4Shell vulnerability (which affects the open source Log4J library and allows remote code execution attacks) over the past week: from the conditions under which the developers in charge of patching it work, to the presence of the vulnerability in one of the NASA vehicles that is exploring Mars right now.

The problem the Internet faces with Log4Shell is that, unlike other notable cyberattacks in recent times, which affected a limited number of software products (in many cases only one), Log4j is built into virtually every Java-based web service.

All cybercriminals in the world, hunting for exploits

Last Monday the experts were already talking about an “incalculable potential for harm”, and Adam Meyers, vice president of the cybersecurity company Crowdstrike, stated that

“The Internet is on fire right now. There are people who are struggling to patch [the vulnerability] and even more people who are fighting to exploit it.”

So once the vulnerability was made public (courtesy of an Alibaba engineer), mass internet scans began (especially from the Tor network), with the aim of finding vulnerable platforms. Virtually all cybercriminal groups and state-sponsored hackers have been busy this past week.

🚨⚠️New #0-day vulnerability tracked under “Log4Shell” and CVE-2021-44228 discovered in Apache Log4j 🌶️‼️ We are observing attacks in our honeypot infrastructure coming from the TOR network. Find Mitigation instructions here: https://t.co/tUKJSn8RPF pic.twitter.com/WkAn911rZX – Deutsche Telekom CERT (@DTCERT) December 10, 2021

Last Friday – the day after Log4Shell was made public – Cloudflare was already detecting an average of 5,483 scans per minute for vulnerable web services. The figure grew steadily until this Monday, when it was already exceeding 24,600 per minute (almost 35,500,000 per day).



Evolution of attacks detected per minute taking advantage of Log4J (via Cloudflare).

In summary: most likely, all vulnerable platforms that have not implemented protection measures will by now have been detected and attacked.

And the worst part is not that attackers are using the first exploit spread by Chen Zhaojun, but that in the first hours after it spread, more than 60 new exploits were created that use Log4J vulnerabilities in order to extract data.



Fortunately, the COVID-19 variants have not emerged at the same rate as those of Log4Shell (via Check Point Soft.).

As explained earlier this week by the cybersecurity company Check Point Software,

“The large number of combinations available to exploit Log4Shell provides the attacker with many alternatives to circumvent the latest introduced protections.” “This means that one layer of protection is not enough, and only a strategy based on the use of multiple layers of security would provide resilient protection. Three days after the outbreak, what we are seeing is clearly a cyber pandemic whose peak we have yet to see.”

In fact, according to the data handled by the company, 48.1% of all corporate networks in the world had been affected during the first days after the vulnerability came to light (51.2% in the case of Europe).

Via | Cloudflare & Check Point & Sky News