Deficits that are not closed on software platforms or are not closed before attackers notice are causing major problems. Finally, many users have been victimized because of the vulnerability contained in the Log4j platform, which is an open-source Java library.
The log4j deficit has hurt
The Log4j library managed by the Apache Software Foundation has about 475 thousand downloads of popular Lana software. In particular, the application is used for event recording, while it is also part of software frameworks such as Elasticsearch, Kafka, and Flink.
The bet affects all versions between dec 2.0-beta9 and 2.14.1. Attackers using the remote code execution vulnerability download a package from remote servers and install blackmail software called Khonsari. This software requests Bitcoin by encrypting user data. In addition, it is stated that many systems are also included in the bot network.
The attacks targeting Windows operating systems were detected by the Romanian security firm Bitdefender. The US Cybersecurity Unit also warned organizations and asked them to take the necessary measures by December 24. Canada, New Zealand, Austria, and the United Kingdom are also issuing similar warnings.
It is stated that 60 different variants have been trying to gain access to the Log4j vulnerability, which is defined as a cybersecurity pandemic, in the last 24 hours and 1 million 272 thousand moves have been fended off. The most intense attacks came from Russia with 4275 and Brazil with 2493.
