The Log4j flaw was one of the most widespread vulnerabilities of all time. However, 6 months after a patch arrived, the problem has not disappeared. Fresh data from Darktrace competitor ExtraHop shows that cybercriminals are continually scanning for Log4j vulnerabilities.
The network detection and response (NDR) player tracked scan attempts for the Log4j vulnerabilities month by month, showing the volume of attempts by cybercriminals to take advantage of this widespread vulnerability:
- December 2021: 20,000 scans
- January 2022: 34,000 scans
- February 2022: 128,000 scans
- March 2022: 147,000 scans
- April 2022: 159,000 scans
- May 2022: 20,000 scans
The Log4j exploit has become a standard item in vulnerability scanners and in the toolkits of hackers. It’s even “built-in” to a number of botnets. The massive drop may be due to law enforcement’s shutdown of botnet networks, but we’ll see continuous scanning for vulnerable systems for a long time to come as criminals take advantage of their automated tools to target low-hanging fruit.