A Barracuda report has surfaced, in which it has been said about Log4j that cyber thugs or hackers are more targeting systems without patches. Due to which the servers of giant tech companies like Microsoft, Amazon, Apple etc. were interrupted by the shortcomings of Log4j.
Log4j is a very common logging library used by people all over the world. Its biggest drawback is that logging lets developers see all the activity of an application. Which hackers use to hack the server. Hackers can easily control Java based web servers. Simply put, vulnerabilities in Log4j can allow a hacker to take control of a system.
After the vulnerabilities were uncovered, Apache has also released a new upgrade and a fix. Which it has alerted all the users and companies using its Java based web server. But it seems that many users are still not updated to the latest patch. Taking advantage of this, cyber criminals are targeting such systems.
target from here
According to the research, 83 percent of attacks were carried out from IP addresses in the US, with half of those IP addresses linked to AWS, Azure, and other data centers. Meanwhile, 10 percent of attacks were from IP addresses from Japan, 3 percent from Germany, 3 percent from the Netherlands and 1 percent from Russia. After targeting, the hackers shared many malicious information.
how to defend
If your server is also on Log4j then the best way to protect it from log4shell is to upgrade to the latest version of log4j software. After doing this the vulnerabilities can be rectified in a time bound manner. However, all-in-one solutions are now available to prevent these vulnerabilities from being exploited in the use of the web. Apart from this, help can also be taken from many cloud security.