More than 1.2 million attacks against companies have been made through the Log4j vulnerability since last Friday. According to the cyber security group Check Point, there were 40,000 attacks after 12 hours, and the number jumped to 800,000 after 72 hours. Their data suggests that the attacks are increasing. This is clearly a very serious threat with the potential to cause extensive damage.
Beyond the rising attack volume, Check Point is also seeing new variations of the original exploit being introduced rapidly.
The perpetrators include “Chinese government attackers”, according to Charles Carmakal, chief technology officer of cyber company Mandiant. John Hultquist, VP, intelligence analysis at Mandiant, also stated that “We have seen Chinese and Iranian state actors leveraging this vulnerability, and we anticipate other state actors are doing so as well, or preparing to.” The flaw allows attackers to install coin miners, remote access tools that can be used to steal data, and much more in order to accomplish their goals. And while the main source of attacks is low-level crypto miners, major attackers are getting involved. In addition to Chinese and Iranian involvement, Microsoft has tracked activity from North Korea and Turkey. Some actors have the goal of financial gain; others seek only disruption.
With this new exploit, attackers have free rein to do as they please. It is shockingly easy to deploy an attack, and it will most definitely be exploited for months to come.