Although the Apache Foundation released a patch shortly after the discovery of Log4j / Log4Shell, this vulnerability continues to pose a major threat to consumers and businesses. Kaspersky products blocked 30,562 attack attempts in the first three weeks of January.
The vulnerability is extremely attractive to cyber criminals as it is easy to exploit and allows them to take complete control over the victim's system.
Log4j: Kaspersky has already blocked over 150,000 attacks
Since initial reporting, Kaspersky products have detected and blocked 154,098 attempts to scan and attack devices by targeting the Log4Shell vulnerability. Most of the systems attacked were in Russia (13 percent), Brazil (8.97 percent) and the United States (7.36 percent). Of the systems, 3.87 percent were in Germany, 0.39 percent in Switzerland and 0.29 percent in Austria.
Evgeny Lopatin, security expert at Kaspersky, comments on the situation as follows: “We can see that with Log4Shell there are now fewer scans and attack attempts than in the first few weeks immediately after the discovery. However, attempts to exploit this vulnerability are still being made. Our telemetry shows that cyber criminals continue their extensive mass scanning activities and attempt to exploit the exploit. The vulnerability is used by both advanced threat actors targeting specific organizations and opportunists simply looking for vulnerable systems to attack. We urge everyone who hasn't already done so to install patches and use a strong security solution to protect themselves.”
Kaspersky products detect and block attacks via this vulnerability under the following IDs:
- UMIDS: Intrusion.Generic.CVE-2021-44228.
- PDM: Exploit.Win32.Generic
Kaspersky recommendation for protection
- Immediately install the latest version of the library, 2.15.0; it is available on the project page. If the library is used in a third-party product, check when the software provider will make an update available and install that update immediately as well.
- Follow the Apache Log4j project guidelines at https://logging.apache.org/log4j/2.x/security.html.
- Businesses should use a security solution or service such as Kaspersky Endpoint Detection and Response or Kaspersky Managed Detection and Response Service that can detect and stop attacks in the early stages.
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/