Log4j is undoubtedly the cyber flaw of 2021. As was the case with the WannaCry ransomware, which blocked infected computers for ransom, the bug affecting Java also affects a wide range of systems.
Among others, the servers of Amazon and Twitter.
A few days ago, the Apache Software Foundation released an update that should close the door to third-party intrusions.
Check Point Research (CPR) cybersecurity specialists analyzed the number of attempts to exploit the vulnerability on which the Italian cybersecurity agency had also requested a lot of attention.
According to the latest findings, there are over 4 million attacks carried out by criminal groups through the bug, 46% of which by teams already known to the police.
The percentage of corporate networks targeted is also growing: 48% of all those active in the world. In practice, nearly one in two companies have seen their systems face Log4j-based threats. To date, the number of attempts that have been successful or blocked by the digital defenses of the various networks is still unknown.
"Italy has even more worrying figures about the business networks involved - explain from Check Point Research - here we are around 54% of the active ones. But, in general, it is the diffusion between countries that is overwhelming. currently, over 90 states in all regions. The impact is extensive and reaches peaks that see more than 60% of corporate networks affected. The exploitation of the vulnerability is, for researchers, also aimed at minting cryptocurrencies, such as bitcoin. " The attacker acts to download a virus, such as Trojan malware, which triggers the download of an .exe file, which in turn installs a cryptominer.
This starts using the victim's resources to mine crypto without the user noticing. "
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/FNGPJSHXQZC2BCMQTEUWCUOKDY.jpg)
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/S7ERVSCT4FUVX6R7TUVBDNTH5Y.jpg)
