Log4Shell vulnerability attack analysis: education institutions have suffered the most

2021 has come to an end. Since Log4Shell set off a wave of network attacks, and since the vulnerability was discovered last month, there have been millions of attacks against Log4j every hour, and organizations worldwide have faced an average of 925 attacks per week, the highest peak in history.

In a report released on Monday, Check Point Research (CPR) pointed out that Log4Shell attacks are the main reason the total number of attacks on corporate networks in 2021 increased by 50% year-on-year.

Even before the easily exploitable Log4Shell vulnerability in the Java logging library Apache Log4j appeared, this year was expected to break the record. Because the vulnerability allows unauthenticated remote code execution (RCE) and full compromise of the affected system, exploitation of it exploded within just a few hours.

According to the CPR report, as of October the number of ransomware attacks had increased by 40%, and early figures show that one in every 61 organizations worldwide was hit by ransomware.

Education and research institutions were attacked the most

CPR researchers said that the education and research sector was the most attacked in 2021, with an average of 1605 attacks per organization, an increase of 75 times over 2020. As a typical example, as of December 30 the advanced persistent threat (APT) group Aquatic Panda was using Log4Shell exploit tooling to attack a number of universities in an attempt to steal industrial intelligence and military secrets.

The second most attacked sector was government and military, with 1136 attacks per organization per week, an increase of 47%. Next was the communications industry, with 1079 attacks per organization per week, an increase of 51%.

Africa and Asia-Pacific suffered the most attacks

Africa experienced the highest attack volume in its history last year, with an average of 1582 attacks per organization, an increase of 13% over 2020.

As shown in the figure below, attacks per organization in the Asia-Pacific region rose by 25%, to an average of 1353 per day. Latin America saw 1118 attacks per organization per week, an increase of 38%; 670 attacks per week, an increase of 68%; and North America averaged 503 attacks per organization per week, 61% more than in 2020.

Everything can be attacked, so make sure everything is secured

CPR notes that in a mixed, multi-application environment the attack surface is everywhere, and recommends having enough security measures in place to protect all of it. The company said that email, web browsing, servers and storage are only the most basic pieces; mobile applications, cloud and external storage are now generally indispensable, and the compliance of connected mobile and endpoint devices and Internet of Things (IoT) equipment also deserves attention.

In addition, CPR recommends that workloads, containers and serverless applications in multi-cloud and hybrid cloud environments be checked at all times.

Adopt the most appropriate security standards: apply the latest security patches promptly to keep attackers out, segment the network sensibly, use strong firewall and IPS protection between network segments to stop an infection from spreading across the whole network, and train employees to recognise potential threats effectively.

The CPR researchers suggested: "Many times, users' security awareness can prevent attacks. Put effort into employee security education, and make sure that if they see unusual content they will immediately report it to your security team. User education has always been an important factor in avoiding malware infections."

Finally, adopt advanced security technologies in good time. No single security technology currently protects an organization from all threats and all attacks, but there are now many excellent technologies and approaches, such as machine learning, sandboxing, anomaly detection, content disarming and many other security technologies.

CPR recommends that companies consider two important components: threat extraction (file-level anti-virus) and threat emulation (advanced sandboxing). Each security measure provides its own unique protection; used together, these elements can form a comprehensive solution that intercepts unknown malware directly at the network level and on endpoint devices.

This article is translated from: https://threatpost.com/cyber-spike-attacks-high-log4j/177481/ If reproduced, please indicate the original address.