FOR CUSTOMERS

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to the news list

Vulnerabilities in Log4j 2 threaten users

December 27, 2021

Concerning the dangerous vulnerabilities in the Log4j 2 logging library–CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550–Doctor Web is drawing users’ attention to the need to observe protective measures. The library is used for logging in Java projects and is part of the Apache Logging Project. Vulnerabilities allow attackers to execute arbitrary code on the system and cause a Denial of Service or disclose confidential information. Even though Apache has already released several patches, vulnerabilities may still be a danger.

The most critical vulnerability, Log4Shell (CVE-2021-44228), is based on Log4j 2 log message generation. When the messages are generated in a specific way, a call to a server controlled by the attackers occurs, followed by execution of the code.

Through these vulnerabilities, cybercriminals spread miners, which are malware for mining cryptocurrencies. They can also spread backdoors to gain remote access to a device and Trojan-DDoS that allow fraudsters to make DDoS attacks.

We record attacks using exploits for the vulnerabilities on one of our honeypots–a special server used by Doctor Web specialists as bait for fraudsters. The most active threat occurred between December 17th-20th, but attacks still continue.

Day Number of attacks
December 107
December 1120
December 1225
December 1315
December 1432
December 1521
December 1624
December 1747
December 1851
December 1933
December 2032
December 2114
December 2235
December 2336

The attacks are carried out from 72 different IP addresses. Talking about the distribution by country, the largest number of attacks were carried out from German IP addresses, with 21%. Russian IP addresses are slightly behind with 19.4%. USA and Chinese IP addresses are ending the top three with 9.7% for both countries.

#drweb

Some projects depend directly on Log4j 2, while others have one or more implicit dependencies. One way or another, vulnerabilities affect the performance of many projects worldwide. You need to closely watch the release of software updates that use the Log4j 2 library and install them as soon as possible.

Moreover, don’t forget to update Dr.Web regularly. Our products successfully detect the payload of malware that penetrates devices through the Log4j 2 vulnerabilities.

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

© Doctor Web
2003 — 2022

Doctor Web is a cybersecurity company focused on threat detection, prevention and response technologies