
The Log4J vulnerability becomes a pandemic, with over 840,000 attacks launched within 72 hours


TechSpot reported on Log4J over the weekend after it was discovered last week. Since Friday, exploitation of the flaw in the open-source software has become a pandemic unto itself. Check Point has been monitoring the situation and observed more than 100 Log4J attacks per minute at one point.

The hackers are spread across the globe, but many appear to be affiliated with Chinese state-sponsored groups, Charles Carmakal, CTO of cybersecurity company Mandiant, told Ars Technica. Other firms monitoring the attacks, such as Check Point and SentinelOne, confirm that a significant number are perpetrated by known Chinese hackers. According to Check Point, more than half of the exploits originate from well-known hacking groups that use them to distribute popular malware such as Tsunami and Mirai for botnets and XMRig for Monero mining.

The exploit was initially discovered on Minecraft servers. It exploits a Java flaw to launch remote code execution attacks capable of completely taking control of a system. LunaSec highlighted the vulnerability of the Apache Struts framework, which is used on thousands of business servers.

"This is one of the most serious vulnerabilities I've seen in my career, if not the most serious," Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), told industry leaders. She added that the flaw could impact hundreds of millions of devices.

Check Point noted that hackers exploiting Log4J were able to take control of computers and perform a variety of tasks, ranging from cryptocurrency mining to spam distribution to initiating DDoS attacks using large botnets.

The UK's National Cyber Security Centre and the US CISA have strongly urged companies to make patching out this severe vulnerability their top priority. The aforementioned leading brand companies are rushing to issue fixes, and none have reported any breaches to date. IT administrators, on the other hand, should not underestimate the gravity of the situation.

"With this vulnerability, attackers gain almost unlimited power—they can extract sensitive data, upload files to the server, delete data, install ransomware, or pivot to other servers," said Acunetix's head of engineering, Nicholas Sciberras.
