Log4J attacks seem to be increasing right after the vulnerability was first discovered. And the numbers don't lie, as a lot of people have already fallen victim to it.
According to TechSpot, over 840,000 cyberattacks have been recorded using the exploit within 72 hours of the initial discovery. Some cybersecurity firms were even logging as many as 100 attacks every single minute, which is no less alarming.
That number grew exponentially from the first discovery of the exploit. Twelve hours after the outbreak, there were a total of 40,000 breaches. This grew to triple the number a day after, and as much as 400,000 36 hours later.
One of the cybersecurity companies that tallied the numbers was Maniant CTO. According to them, they've discovered that the hackers are scattered all over the world. However, it looks like a lot of them are affiliated with alleged state-sponsored groups from China.
Other companies such as SentinelOne and Check Point also revealed that many of the hacks were perpetrated by well-known Chinese hackers.
This, however, doesn't seem to spell the end of Log4J.
According to ZDNet, a second exploit has been discovered-though it is now reportedly patched. This exploit, as per cybersecurity experts, has the potential to allow hackers to perpetuate DoS (Denial Of Service) attacks by "crafting malicious input data."
Aside from that, the hackers are also using the exploit to do almost anything. This includes secretly mining cryptocurrency on other peoples' hardware, as well as sending tons of spam.
Either way, the recently discovered vulnerability has been the headache of everyone-especially big-name corporations. As per WIRED, some of the affected ones include the biggest names: Amazon, Microsoft, Google Cloud, and Cisco.
What In The World Is Log4J?
Earlier this month, the new Log4J vulnerability was first discovered in "Minecraft" servers. The exploit, as per reports, was allegedly making it possible to run malicious code on the server hardware, as well as the hardware of those who were playing the game.
Eventually, the exploit grew and is now considered one of the greatest risks to the entire web. According to NewScientist, the danger lies in the basic inner workings of the software you use.
Almost all software will have a way of keeping records. These could be small or big errors, or other important events, which are called logs. A lot of developers use the open-source program Log4J to create these logs, but the problem is that it can be "tricked" to run malicious code.
Since Log4J itself is open-source, that's another part of how dangerous it can be. Open-source software can be used, viewed, edited, and run by literally everyone.
Should You Be Worried?
Anybody who has a considerable digital presence should be worried about this new exploit. Furthermore, cybersecurity experts are saying that it can take years before the vulnerability is patched just because of how common it is.
For now, your best protection against it is to keep your devices updated with the latest security patches.
Related Article : Cybersecurity Demands Proactive Design Thinking
This article is owned by Tech Times
Written by RJ Pierce