Log4Shell still being exploited six months on
Six months after the Log4Shell vulnerability (CVE-2021-44228 in Apache Log4j) was disclosed, vulnerable instances remain reachable on the internet and attackers are still attempting to exploit them, according to the latest Trustwave SpiderLabs Telemetry report.
Using data gathered from the Shodan device search engine, the report shows that as of June 9, 2022, 1,467 internet-facing instances were still vulnerable to Log4Shell. The largest shares were hosted in the Russian Federation, the United States and Germany, with 266 (18 percent), 215 (15 percent) and 205 (15 percent) hosts respectively.
On a positive note, the report suggests that companies are now patching their systems in a more timely manner, or are at least more aware of their security than they were last year: some of the high-severity vulnerabilities picked for this report affect less than 10 percent of the hosts sampled from Shodan.
The share of vulnerabilities rated critical has risen by five percent from last year's 13 percent, and the total number of CVEs for 2022 is expected to exceed last year's total.
The report's authors conclude, "Threat actors continuously scan the Internet to gain the advantage of those organizations with slow or outdated patching processes. Therefore, a proactive approach to identifying vulnerabilities is incredibly important. Knowing which new and old vulnerabilities should be a concern, and acting at the right time, are two critical factors that must be in place to have a good security posture. As seen in this report, more and more organizations are getting involved in protecting their assets as more critical vulnerabilities emerge in the public domain."
To improve protection, the report recommends that security staff conduct regular reviews of assets by means of audits, scans and/or penetration tests, and prioritize patching on key systems. Businesses should also limit access to systems, apply the principle of least privilege, and give the security teams responsible for protecting and applying these concepts as much support as possible.
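The "regular review of assets by scans" the report recommends is, for Log4Shell, mostly a matter of finding every copy of log4j-core on a host, including copies buried inside WAR, EAR and fat JAR files, and checking its version. The script below is an added example written for this page; it is not code from the article, from Trustwave, or from the Log4j project. It walks a directory tree, opens each archive (recursing into nested archives), reads the log4j-core version from the Maven `pom.properties` entry, and classifies the build against CVE-2021-44228 only: affected builds are 2.0-beta9 through 2.14.1, fixed builds are 2.15.0 and later plus the Java 6/7 backports 2.3.1 and 2.12.2, and an affected build with `JndiLookup.class` deleted is reported as mitigated, since removing that class was the vendor-documented workaround. Later Log4j advisories (2.16.0, 2.17.0, 2.17.1) are deliberately not classified. The sample archives it builds when run without arguments are constructed test data, not real artifacts; the `MAX_DEPTH` limit and the status labels are this example's own choices.

```python
"""Added example: locate log4j-core archives on disk and classify them for CVE-2021-44228."""
import io
import os
import re
import sys
import zipfile

# Maven metadata that log4j-core ships inside its JAR, and the class behind the JNDI lookup.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 5  # assumption: guard against pathological nesting (zip-in-zip bombs)


def parse_version(text):
    """Return (major, minor, patch) from a pom.properties 'version=' line, or None.

    Pre-release qualifiers such as '2.0-beta9' are dropped, so every 2.0 build is
    treated as affected; that errs on the side of reporting.
    """
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def log4shell_status(version, has_jndi_lookup):
    """Classify a log4j-core build for CVE-2021-44228 (and only that CVE)."""
    if version is None:
        return "unknown"
    if version[0] != 2:
        return "not-affected"  # Log4j 1.x is not affected by CVE-2021-44228
    fixed = (
        version >= (2, 15, 0)
        or (2, 12, 2) <= version < (2, 13, 0)  # Java 7 backport line
        or (2, 3, 1) <= version < (2, 4, 0)    # Java 6 backport line
    )
    if fixed:
        return "fixed"
    return "vulnerable" if has_jndi_lookup else "mitigated"


def scan_archive(data, path, depth=0):
    """Yield (path, version, status) for log4j-core found in one archive or any nested archive."""
    if depth > MAX_DEPTH:
        return
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    names = set(zf.namelist())
    if POM_PROPS in names:
        version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
        yield (path, version, log4shell_status(version, JNDI_LOOKUP in names))
    elif JNDI_LOOKUP in names:
        # log4j-core classes shaded into another JAR without the Maven metadata.
        yield (path, None, "jndi-lookup-present")
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):
            yield from scan_archive(zf.read(name), f"{path}!{name}", depth + 1)


def scan_tree(root):
    """Scan every archive under root; returns a list of (path, version, status)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_EXT):
                full = os.path.join(dirpath, f)
                with open(full, "rb") as fh:
                    findings.extend(scan_archive(fh.read(), full))
    return findings


def build_sample_jar(version, include_jndi_lookup):
    """Constructed test data: an in-memory JAR shaped like log4j-core (not a real artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if include_jndi_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder bytes, not a real class file
    return buf.getvalue()


def build_sample_war(inner_jar):
    """Constructed test data: a WAR bundling the given JAR under WEB-INF/lib."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner_jar)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_tree(sys.argv[1])
    else:
        # No directory given: demonstrate on constructed archives instead.
        results = list(scan_archive(build_sample_war(build_sample_jar("2.14.1", True)), "app.war"))
        results += scan_archive(build_sample_jar("2.14.1", False), "log4j-core-2.14.1-patched.jar")
        results += scan_archive(build_sample_jar("2.17.1", True), "log4j-core-2.17.1.jar")
    for path, version, status in results:
        print(f"{status:<20} {version} {path}")
```

Run it as `python scan_log4j.py /opt` to sweep a real tree; a "vulnerable" or "jndi-lookup-present" line is a host to prioritize for patching, and "mitigated" lines are worth re-checking, because the class-deletion workaround does not survive a redeploy of the original archive.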
You can find out more on the SpiderLabs blog.
Image credit: billiondigital/depositphotos.com