Experts monitor ongoing attacks using exploits for Log4j library flaws

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures.

The vulnerabilities can allow threat actors to execute arbitrary code on the target systems, trigger a Denial of Service condition, or disclose confidential information.

Dr. Web set up one of its honeypots to analyze the impact of the Log4J vulnerabilities on systems exposed online and discovered an intense activity between December 17th-20th.

log4j

“We record attacks using exploits for the vulnerabilities on one of our honeypots–a special server used by Doctor Web specialists as bait for fraudsters. The most active threat occurred between December 17th-20th, but attacks still continue.” reads the analysis published by DrWeb.

Day Number of attacks
December 10 7
December 11 20
December 12 25
December 13 15
December 14 32
December 15 21
December 16 24
December 17 47
December 18 51
December 19 33
December 20 32
December 21 14
December 22 35
December 23 36

The attacks are carried out from 72 different IP addresses, most of them were German IP addresses (21%), followed by Russia (19.4%), the USA and China (9.7%).

log4j

Experts pointed out the difficulty in asses potentially vulnerable systems because some projects don’t have a direct dependence on Log4j.

“One way or another, vulnerabilities affect the performance of many projects worldwide. You need to closely watch the release of software updates that use the Log4j 2 library and install them as soon as possible.” concludes the experts.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Log4j)

The post Experts monitor ongoing attacks using exploits for Log4j library flaws appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source