The quantity of cyber-attacks targeting the Log4Shell complex of vulnerabilities in Log4j still remains extremely high, according to new Threat Spotlight analysis from Barracuda Networks.
The Log4Shell vulnerabilities have now been around for more than two months, and Barracuda researchers observed that the volume of attacks attempting to exploit these vulnerabilities has remained relatively constant, with a few dips and spikes, over the past two months. It is predicted that this attack pattern will continue, given the popularity of the software, the exploitability of the vulnerability, and the payoff when a compromise happens. Geographically, Barracuda Networks uncovered that 83 per cent of the attacks on their systems came from IP addresses in the United States, with 50 per cent being associated with Amazon Web Services and other large data centres. Threats analysed also came from Japan, Germany, Netherlands, and Russia.