Log4Shell: New numbers reveal the scale of the critical software exploit

Researchers detail how much the Log4J vulnerability is being exploited and who is being targeted the most

Abstract image of stacked broken egg shells

The scale of the threat associated with the recently discovered Log4Shell vulnerability has been quantified for the first time, with nearly 1 million attack attempts launched in just 72 hours following the critical vulnerability's disclosure on 9 December.

Experts from Check Point Research published observations from early vulnerability scans on Tuesday, which revealed attempts to exploit systems vulnerable to Log4Shell increased from 40,000 in the immediate 12-hour period following disclosure, to 830,000 attempts after just three days.

Researchers said the vulnerability "is clearly one of the most serious vulnerabilities on the internet in recent years, and the potential for damage is incalculable". The security community is still scrambling to fully understand the attack surface for Log4Shell, the RCE vulnerability in the log4j Java logging component revealed last week.

"The number of combinations of how to exploit it give the attacker many alternatives to bypass newly introduced protections," researchers said. "It means that one layer of protection is not enough, and only multi-layered security posture would provide a resilient protection. Three days after the outbreak, we are summing up what we see until now, which is clearly a cyber pandemic that hasn’t seen its peak yet."

A graph indicating the rise in exploitation attempts of Log4Shell

Check Point Research

The industry has banded together to share quick fixes and easy ways to remediate issues in the enterprise, but research has shown attackers are finding new ways to exploit the vulnerability.

Check Point Research said it has seen a steady increase in exploit evolutions over the course of 72 hours since Log4Shell's discovery, with more than 60 different methods already in use.

Findings from their investigation are said to resemble a cyber pandemic, in which attacks spread quickly and evolve continually to break through attempted fixes.

A graph depicting the swift evolution of exploitation of Log4Shell

Check Point Research

Who is most vulnerable to Log4Shell?

The investigation also looked at corporate exposure to Log4Shell and concluded that a global average of 40% of all networks across the world could be vulnerable to log4j flaws.

Australia and New Zealand were found to be the most exposed at 46.2% of all corporate networks, with Europe close behind with 42.2%. Asia and North America are the least exposed at 37.7% and 36.4% respectively.

Value-added resellers and the education sectors were found to be particularly vulnerable compared to other industries, with around half of all organisations across the two sectors thought to be affected.

Unlike with the COVID-19 pandemic, the retail and hospitality sectors are thought to be the least affected, with around a quarter of organisations exposed to log4j-based attacks.

Related Resource

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Whitepaper front coverDownload now

There is significant pressure felt by security teams across the globe to fully patch the vulnerability. Upgrading to the latest version of the log4j library, version 2.15.0, is so far the best mitigation against the flaw.

Also this week, the US' Cybersecurity and Infrastructure Security Agency (CISA) told all federal agencies they had until 24 December to patch systems and protect them from Log4Shell.

It follows a recent increase in focus on patch management across the US public sector, led by CISA, after the agency issued deadlines to all federal departments in November to patch a 300-strong list of major cyber security vulnerabilities. The first deadline passed weeks later but CISA declined to confirm to IT Pro if all federal agencies had met the requirements in time.

Check Point Research said it thinks the vulnerability in the log4j library "will stay with us for years to come" due to the complexity in patching it and the ease in which attackers can exploit it.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Kaspersky exposes MysterySnail zero-day exploit in Windows
zero-day exploit

Kaspersky exposes MysterySnail zero-day exploit in Windows

13 Oct 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022