Log4j flaw: Nearly half of corporate networks have been targeted by attackers trying to use this vulnerability

Cybersecurity researchers warn on the growing pace of scans and attempted attacks looking to exploit the Java logging library security flaw.
Written by Danny Palmer, Senior Writer

The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow.

The vulnerability (CVE-2021-44228) was publicly disclosed on December 9 and enables remote code execution and access to servers. What makes it such a major issue is that Log4j is widely used in commonly deployed enterprise systems.

In some cases, organisations may not even be aware that the Java logging library forms part of the applications they're using, meaning they could be vulnerable without knowing it. Online attackers have been quick to take advantage of the vulnerability, which is also known as Log4Shell.


There was evidence of attackers scanning for vulnerable systems and dropping malware just hours after the Log4j vulnerability was publicly disclosed.

At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. "Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups," said cybersecurity company Check Point.

And according to Check Point, attackers have now attempted to exploit the flaw on over 40% of global networks. 

The number of successful exploits is likely to be much lower, but the figure shows that there are those out there who are looking to try their luck against a new – and potentially difficult to patch – vulnerability.

"Unlike other major cyberattacks that involve one or a limited number of software, Log4j is basically embedded in every Java-based product or web service. It is very difficult to manually remediate it," Check Point said in a blog post.

Some of the attacks launched by exploiting the Log4j vulnerability include delivering cryptomining malware, along with delivering Cobalt Strike, a legitimate penetration-testing tool that cyber criminals have been known to use to steal usernames and passwords to gain further access to networks.

National cybersecurity bodies around the world have been quick to issue warnings as to how dangerous Log4j could be.


Jen Easterly, director of CISA, described the Log4j vulnerability as "one of the most serious that I've seen in my entire career, if not the most serious".

Meanwhile, the UK's National Cyber Security Centre (NCSC) has urged organisations to install the latest updates wherever Log4j is known to be used.

"The key step for organisations is to patch enterprise software quickly, and for developers using Log4j to update and distribute their software as soon as possible," said an NCSC spokesperson in an email to ZDNet.

"For the public it's important to keep updating devices as developers' understanding of the vulnerability grows," they added.  

