Security News > 2021 > December > Log4Shell Is Spawning Even Nastier Mutations

The internet has a fast-spreading, malignant cancer - otherwise known as the Apache Log4j logging library exploit - that's been rapidly mutating and attracting swarms of attackers since it was publicly disclosed last week.

The flaw, which is uber-easy to exploit, has been named Log4Shell.

The more ways to exploit the vulnerability, the more alternatives attackers have to slip past the new protections that have frantically been pumped out since Friday, Check Point said.

Because of the enormous attack surface it poses, some security experts are calling Log4Shell the biggest cybersecurity calamity of the year, putting it on par with the 2014 Shellshock family of security bugs that was exploited by botnets of compromised computers to perform distributed denial-of-service attacks and vulnerability scanning within hours of its initial disclosure.

Check Point said on Monday that it's thwarted more than 845,000 exploit attempts, with more than 46 percent of those attempts made by known, malicious groups.

Check Point warned that it's seen more than 100 attempts to exploit the vulnerability per minute.

News URL

https://threatpost.com/apache-log4j-log4shell-mutations/176962/