
Log4j security flaw has already impacted 41 per cent of Indian firms: Report

Researchers at cybersecurity giant Check Point said that they’ve observed attempted exploits of the Log4j vulnerability, known as Log4Shell, on more than 44 per cent of corporate networks worldwide.

Log4Shell has been assigned a severity rating of 10 by security experts, the highest level possible. (File: Image)

About 41 per cent of corporate networks in India have already faced a Log4j vulnerability, according to an analysis by cybersecurity firm Check Point Research (CPR).

The new vulnerability affects the widely used logging library Log4j, which was created by the Apache Software Foundation, the organisation behind the most widely used web server. The Log4j vulnerability allows remote code execution by simply typing a specific string into a text box. It was first discovered by Minecraft players, but it was soon realised that this wasn’t just a Minecraft exploit: it works on every program using the Log4j library.

Researchers at CPR said that they’ve observed attempted exploits of the Log4j vulnerability, known as Log4Shell, on more than 44 per cent of corporate networks worldwide.



The Australia-New Zealand (ANZ) area was the most impacted region with 46 per cent of its corporate networks facing an exploit, while North America was the least impacted with 36.4 per cent of organizations facing such an attempt, the security firm added.

Early reports on December 10 showed merely thousands of attack attempts, rising to over 40,000 during Saturday, December 11. Twenty-four hours after the initial outbreak our sensors recorded almost 200,000 attempts of attack across the globe, leveraging this vulnerability. At the time of writing this article, the number hit over 800,000 attacks, the researchers noted.

Further, the report highlighted that at least 46 per cent of those attempted exploits were made by known malicious groups.


Lotem Finkelstein, director, threat intelligence and research for Check Point, called the involvement of known malicious groups “most worrying”, adding that log4j “requires an immediate reaction from security teams or it can cause incalculable damage.”

“This vulnerability, because of the complexity in patching it and easiness to exploit, seems that it will stay with us for years to come unless companies and services take immediate action to prevent the attacks on their products by implementing a protection,” CPR said in a blog post.

Meanwhile, it is worth noting that this bug doesn’t affect all versions of Log4j, and only affects the versions between 2.0 and 2.14.1.
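For security teams checking their own exposure against that version range, the following is an added example, not part of the original report or of Check Point's tooling. It looks inside application archives, including jars nested within other jars, for `log4j-core` files whose version falls in the range the article states; all function names and the sample archive are hypothetical and constructed for illustration.

```python
import io
import re
import zipfile

# Affected range as stated in the article: versions 2.0 through 2.14.1.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 14, 1)
CORE_JAR = re.compile(r"(?:^|/)log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def parse_version(name):
    """Return (major, minor, patch) for a log4j-core jar name, else None."""
    m = CORE_JAR.search(name)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    return AFFECTED_MIN <= version <= AFFECTED_MAX

def scan_archive(data, label, depth=0, max_depth=4):
    """List (path, version, affected) for log4j-core jars nested in an archive."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{label}!/{info.filename}"
                version = parse_version(info.filename)
                if version:
                    findings.append((path, version, is_affected(version)))
                elif info.filename.lower().endswith(ARCHIVES) and depth < max_depth:
                    findings += scan_archive(zf.read(info), path, depth + 1, max_depth)
    except zipfile.BadZipFile:
        pass  # not a readable archive: nothing to report
    return findings

def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()

def build_sample_war():
    """Constructed sample: a WAR with a newer jar and a fat jar hiding 2.14.1."""
    stub = make_zip({"META-INF/MANIFEST.MF": ""})
    fat = make_zip({"BOOT-INF/lib/log4j-core-2.14.1.jar": stub})
    return make_zip({"WEB-INF/lib/log4j-core-2.17.1.jar": stub, "WEB-INF/lib/svc.jar": fat})

if __name__ == "__main__":
    for path, version, affected in scan_archive(build_sample_war(), "app.war"):
        print("AFFECTED" if affected else "ok      ", version, path)
```

The check relies on file names only, so a renamed or repackaged copy of the library would not be reported and needs a separate review.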

First published on: 15-12-2021 at 04:54:53 pm