Skip to main content

blog

The Numbers Behind Log4j Vulnerability CVE-2021-44228

| Author: Check Point

Precisely one year after the SolarWinds Hack, the groundbreaking supply chain attack the world experienced, and while organisations are still struggling to protect the software supply chain from third-party risk, the Apache Log4j vulnerability exploit has caught security teams during a weekend. Unlike other major cyber-attacks that involve one or a limited number of software, Log4j is basically embedded in every Java based product or web service. It is very difficult to manually remediate it. Once an exploration was published (on Friday), scans of the internet ensued (to allocate surfaces which are vulnerable due to this incident). Those who won’t implement a protection are probably already scanned by malicious actors.

Since Friday, 9 December, when the vulnerability was reported, actors around the world are on the lookout for exploits. The number of combinations of how to exploit it give the attacker many alternatives to bypass newly introduced protections. It means that one layer of protection is not enough, and only multi-layered security posture would provide a resilient protection. Three days after the outbreak, a sum up has been made to see how things are now, which is clearly a cyber pandemic that hasn’t seen its peak yet.

Click on the 'read more' button to read the full article.