Barracuda Networks Tracks Volume of Log4Shell Attacks

Barracuda Networks published a report this week showing that in the two months since Log4Shell's disclosure, the volume of attacks attempting to exploit the vulnerability has held at a relatively constant rate, with few dips or spikes.

Tushar Richabadas, senior product marketing manager at Barracuda, said that while the Log4Shell vulnerabilities are serious enough to require immediate patching of Java applications that use the Log4j logging library, cybercriminals do not yet appear to be moving to exploit this vulnerability at a faster rate than any other.

The majority of attacks tracked thus far by Barracuda Networks originated from IP addresses in the U.S. However, the IP addresses used to launch attacks are typically obfuscated, so the source address says little about the true origin. AdvIntel discovered that many of those attacks are being aimed at VMware installations.

In its own logs, Barracuda Networks also found Kinsing and XMRig malware along with variants of the Mirai and Muhstik malware. The most common payloads were various forms of the Mirai distributed denial-of-service (DDoS) botnet malware.

The prevalence of DDoS botnet malware seems to suggest that threat actors are working toward building out a large botnet for future use, according to Barracuda. In fact, the company warned there might soon be large-scale DDoS attacks that leverage Log4Shell vulnerabilities.

Most IT organizations are aggressively remediating Log4Shell vulnerabilities as quickly as they can find them. The challenge is that developers did not always document where they used the Log4j logging library within their Java applications, and very few of those applications ship with a software bill of materials (SBOM) that would make it simpler for cybersecurity teams to identify Log4j instances.
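The inventory problem described above (finding every embedded copy of log4j-core when no SBOM exists) is what a scanner has to solve. The following is an added example, not code from the article or from Barracuda Networks: it walks a directory tree, opens every JAR/WAR/EAR archive, recurses into archives nested inside them (the fat-JAR and WAR layouts that hide most copies), reads the Maven `pom.properties` that Log4j ships under `META-INF/maven/`, and emits a minimal component list in the spirit of an SBOM. The `MIN_SAFE_VERSION` threshold, the sample archives built by `build_sample_tree`, and all file names are constructed for the demonstration; the threshold in particular is an assumption that should be set from the vendor advisory you are working against.

```python
import io
import json
import os
import re
import tempfile
import zipfile

# Assumed threshold: log4j-core 2.x releases below this are treated as unpatched.
# Confirm the value against the advisory your organisation is remediating against.
MIN_SAFE_VERSION = (2, 15, 0)
# Maven metadata that the log4j-core artifact carries inside the JAR.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); pre-release tags such as '2.0-beta9' are dropped -> (2, 0, 0)."""
    core = text.split("-")[0]
    parts = tuple(int(p) for p in re.findall(r"\d+", core))
    return (parts + (0, 0, 0))[:3]


def _scan_archive(data, label):
    """Scan one archive held in memory; recurse into any archive nested inside it."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container, nothing to inspect
    with zf:
        for name in zf.namelist():
            if name == POM_PROPERTIES:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.MULTILINE)
                if m:
                    version = m.group(1).strip()
                    findings.append({
                        "location": label,
                        "version": version,
                        "vulnerable": parse_version(version) < MIN_SAFE_VERSION,
                    })
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                # Nested JAR inside a WAR/EAR/fat JAR: label it with the "!/" convention.
                findings.extend(_scan_archive(zf.read(name), f"{label}!/{name}"))
    return findings


def find_log4j_core(root):
    """Walk a directory tree and report every log4j-core copy, including nested ones."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in sorted(filenames):
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, fn)
                label = os.path.relpath(path, root).replace(os.sep, "/")
                with open(path, "rb") as fh:
                    findings.extend(_scan_archive(fh.read(), label))
    return findings


def to_sbom(findings):
    """Minimal component list; a real SBOM would be a full CycloneDX or SPDX document."""
    return {"components": [{"group": "org.apache.logging.log4j", "name": "log4j-core",
                            "version": f["version"], "location": f["location"]}
                           for f in findings]}


def _make_jar(version):
    """Constructed stand-in for a log4j-core JAR: only the Maven metadata matters here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPERTIES,
                    f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def build_sample_tree(root):
    """Constructed sample tree: an old plain JAR, a WAR bundling a patched JAR, an unrelated JAR."""
    os.makedirs(os.path.join(root, "lib"), exist_ok=True)
    with open(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), "wb") as fh:
        fh.write(_make_jar("2.14.1"))
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", _make_jar("2.17.1"))
    with open(os.path.join(root, "app.war"), "wb") as fh:
        fh.write(war.getvalue())
    other = io.BytesIO()
    with zipfile.ZipFile(other, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with open(os.path.join(root, "lib", "commons-io.jar"), "wb") as fh:
        fh.write(other.getvalue())


def demo():
    """Build the constructed tree in a temp dir and return the scan findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_log4j_core(root)


if __name__ == "__main__":
    for finding in demo():
        print(json.dumps(finding))
    print(json.dumps(to_sbom(demo()), indent=2))
```

Run it against a real filesystem with `find_log4j_core("/opt")` or similar; the nested-archive recursion is the part that matters in practice, because a plain filename search misses copies packed inside WARs and shaded JARs. Note that a shaded build can relocate the package and drop the Maven metadata, so a clean result from this check is evidence, not proof, and a class-level check would be the next step.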

The Log4Shell vulnerabilities have elevated concerns over the sustainability of open source software. Developers today routinely reuse open source software such as the Log4j logging tool. The issue is that many of those projects are maintained by a small number of programmers who contribute their time and effort to build components that others are free to use. The security expertise those individuals have, like that of any other developer, is usually limited. On the plus side, more organizations may be implementing DevSecOps best practices as part of an effort to better secure their software supply chains.

In the meantime, several efforts have already been launched to help make that software more secure. The open source community is trying to strike a balance between responsible disclosure of vulnerabilities and the chaos that often ensues when IT teams are required to immediately patch vulnerabilities in widely used software.

Despite that level of stress, however, Richabadas said that when it comes to security vulnerabilities the best disinfectant is sunlight: the more awareness there is of a vulnerability, the less likely it is to be exploited. IT teams should assume that some cybercriminals have probably known about these vulnerabilities for some time. Many more, of course, will soon be moving to exploit the vulnerability as they attempt to compromise as many IT environments as possible.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
