Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.

While attackers and researchers shift their attention to the next new vulnerability, security teams make sure they finish patching vulnerable Log4j versions in their applications and services.

Edge Editors, Dark Reading

March 4, 2022

A chart showing a sharp spike in the number of attacks targeting Log4j vulnerability and a steep decline.
Source: InfoSec Handlers Diary Blog, SANS Institute

In a recent poll by certification group (ISC)2, 52% of security professionals said their teams collectively spent weeks or more than a month remediating the remote code execution vulnerability in the Apache Log4j logging library (CVE-2021-44228). Nearly half, or 48%, of cybersecurity teams represented in the poll gave up holiday time and weekends to assist with remediating applications and securing systems, (ISC)2 found.

It appears the efforts have paid off, as attack volume has plunged, according to the SANS Technology Institute's InfoSec Handlers Diary Blog. "Our sensors detected exploit attempts almost immediately," wrote Johannes Ullrich, the dean of research for SANS Technology Institute. 

December saw a lot of exploitation activity, but since a massive spike on Dec. 28, attack activity has been almost flat for January and February. "Over time, attackers and researchers lost interest in log4j," Ullrich wrote.

Just 10 days after the vulnerability was disclosed, the number of denial-of-service attacks targeting the Log4j vulnerability was double the cumulative volume of attacks targeting the Apache Struts flaw in the first year after it was disclosed, according to a recent report by Fortinet. In less than a month, attacks targeting the flaw were the most prevalent detected by intrusion prevention systems in the second half of 2021. 

The main challenge for security teams lay in the fact that the logging library was ubiquitous and affected nearly every enterprise application and service. 

There haven’t been any major breaches attributed to Log4j to date, largely because security teams moved quickly to address the flaw. However, (ISC)2 was cautious, noting that 27% of respondents believe the reallocation of resources and the sudden shift in focus made their organizations less secure because other priorities and tasks had to be placed on hold. Security teams say they fell behind on their 2022 security priorities.

Security teams still have to address any systems left unpatched. Just because the heavy bombardment has eased doesn't mean attackers aren't looking at the flaw. The costly lesson Experian learned in 2018 applies: The massive 2018 data breach was the result of a system running an unpatched version of Apache Struts even after the patch was available.

About the Author(s)

Edge Editors

Dark Reading

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.
